• Login
    • Search
    • Categories
    • Recent
    • Tags
    • Users
    • Groups
    • Rules
    • Help

    Do more on the web, with a fast and secure browser!

    Download Opera browser with:

    • built-in ad blocker
    • battery saver
    • free VPN
    Download Opera

    TLS 1.3 certificate authentication fails with "post-handshake" error.

    Opera for Linux
    2
    4
    1299
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • celane23
      celane23 last edited by

      TLS 1.3 "cannot perform post-handshake authentication" when using client certificate authentication.

      opera-stable-101.0.4843.58-0.x86_64 on Fedora 36

      Web page served on Apache httpd-2.4.37-56
      OpenSSL 1.1.1k
      on AlmaLinux 8.7
      (I'm running this node, so can change the config to test TLS v1.3 functionality)

      Works fine doing client certificate authentication with Apache config line:
      SSLProtocol -all +TLSv1.2
      but error shows up with
      SSLProtocol -all +TLSv1.2 +TLSv1.3
      Firefox seems to have a "config setting" to allow post-handshake authentication that
      prevents this problem, but if Opera has such a flag, it' very well hidden.

      It's only a matter of time before TLSv1.2 becomes insecure, so having the full suite of capabilities on TLSv1.3 is essential.

      Reply Quote 0
        1 Reply Last reply
      • fonm
        fonm last edited by fonm

        opera-stable --tls1.3 --ssl-version-min 1.3

        Reply Quote 0
          fonm 1 Reply Last reply
        • fonm
          fonm @fonm last edited by

          @fonm said in TLS 1.3 certificate authentication fails with "post-handshake" error.:

          opera-stable --tls1.3 --ssl-version-min 1.3

          opera-stable --tls1.3 --ssl-version-min="tls1.3"
          
          Reply Quote 0
            celane23 1 Reply Last reply
          • celane23
            celane23 @fonm last edited by leocg

            @fonm
            your suggestion doesn't fix the "post-handshake" error with TLS 1.3, and in addition causes many other websites (including This one!) to fail, because they are not running TLS 1.3.

            Reply Quote 0
              1 Reply Last reply
            • Locked by  leocg leocg 
            • First post
              Last post

            Computer browsers

            • Opera for Windows
            • Opera for Mac
            • Opera for Linux
            • Opera beta version
            • Opera USB

            Mobile browsers

            • Opera for Android
            • Opera Mini
            • Opera Touch
            • Opera for basic phones

            • Add-ons
            • Opera account
            • Wallpapers
            • Opera Ads

            • Help & support
            • Opera blogs
            • Opera forums
            • Dev.Opera

            • Security
            • Privacy
            • Cookies Policy
            • EULA
            • Terms of Service

            • About Opera
            • Press info
            • Jobs
            • Investors
            • Become a partner
            • Contact us

            Follow Opera

            • Opera - Facebook
            • Opera - Twitter
            • Opera - YouTube
            • Opera - LinkedIn
            • Opera - Instagram

            © Opera Software 1995-