TLS 1.3 certificate authentication fails with "post-handshake" error.
-
celane23 last edited by
TLS 1.3 "cannot perform post-handshake authentication" when using client certificate authentication.
opera-stable-101.0.4843.58-0.x86_64 on Fedora 36
Web page served on Apache httpd-2.4.37-56
OpenSSL 1.1.1k
on AlmaLinux 8.7
(I'm running this node, so can change the config to test TLS v1.3 functionality)Works fine doing client certificate authentication with Apache config line:
SSLProtocol -all +TLSv1.2
but error shows up with
SSLProtocol -all +TLSv1.2 +TLSv1.3
Firefox seems to have a "config setting" to allow post-handshake authentication that
prevents this problem, but if Opera has such a flag, it' very well hidden.It's only a matter of time before TLSv1.2 becomes insecure, so having the full suite of capabilities on TLSv1.3 is essential.
-
fonm last edited by
@fonm said in TLS 1.3 certificate authentication fails with "post-handshake" error.:
opera-stable --tls1.3 --ssl-version-min 1.3
opera-stable --tls1.3 --ssl-version-min="tls1.3"
-