@fonm
your suggestion doesn't fix the "post-handshake" error with TLS 1.3, and in addition causes many other websites (including This one!) to fail, because they are not running TLS 1.3.
Posts made by celane23
-
RE: TLS 1.3 certificate authentication fails with "post-handshake" error.Opera for Linux
-
TLS 1.3 certificate authentication fails with "post-handshake" error.Opera for Linux
TLS 1.3 "cannot perform post-handshake authentication" when using client certificate authentication.
opera-stable-101.0.4843.58-0.x86_64 on Fedora 36
Web page served on Apache httpd-2.4.37-56
OpenSSL 1.1.1k
on AlmaLinux 8.7
(I'm running this node, so can change the config to test TLS v1.3 functionality)Works fine doing client certificate authentication with Apache config line:
SSLProtocol -all +TLSv1.2
but error shows up with
SSLProtocol -all +TLSv1.2 +TLSv1.3
Firefox seems to have a "config setting" to allow post-handshake authentication that
prevents this problem, but if Opera has such a flag, it' very well hidden.It's only a matter of time before TLSv1.2 becomes insecure, so having the full suite of capabilities on TLSv1.3 is essential.