Re: Client certificate sent in clear or not?
From: John Banes [MS] (jbanes_at_online.microsoft.com)
Date: 01/13/04
- In reply to: Tester: "Client certificate sent in clear or not?"
Date: Mon, 12 Jan 2004 15:53:24 -0800
It depends on how the server is configured.

Sometimes the client certificate is sent during the initial SSL handshake,
in which case it is sent in the clear.

Sometimes the server doesn't ask for a client certificate during the first
handshake. In this case, the server will initiate a renegotiation at some
later time, and request a client certificate during a second handshake. In
this case all of the messages in this second handshake are sent encrypted,
including the client certificate. This is the mode that IIS usually uses.

Regards,
John Banes
[Microsoft Security Developer]
This posting is provided "AS IS" with no warranties, and confers no rights.
Please do not send email directly to this alias. This alias is for newsgroup
purposes only.
"Tester" <test> wrote in message
news:%23bcvqRG2DHA.2528@TK2MSFTNGP09.phx.gbl...
> Hi,
>
> Could someone tell me if client certificate (for client auth) is sent in
> clear during SSL
> handshake or is it sent after SSL handshake is done?
>
> Thanks for any response
>
>
>
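
Added example, not part of the original post: a passive-observer audit of the client-to-server record stream for the two cases described in the reply above, reporting whether a Certificate message is readable before the first ChangeCipherSpec. It assumes SSL 3.0 / TLS 1.0-1.2 record framing; the function names and both byte streams are constructed for illustration.

```python
import struct

HANDSHAKE, CHANGE_CIPHER_SPEC = 22, 20   # record content types
NAMES = {1: "client_hello", 11: "certificate",
         15: "certificate_verify", 16: "client_key_exchange"}

def record(ctype, payload, version=0x0301):
    """Build one record: type(1) + version(2) + length(2) + payload."""
    return struct.pack("!BHH", ctype, version, len(payload)) + payload

def hs(msg_type, body):
    """Build one handshake message: type(1) + length(3) + body."""
    return bytes([msg_type]) + len(body).to_bytes(3, "big") + body

def audit_client_stream(stream):
    """Report which client handshake messages a network observer can read."""
    clear, opaque, encrypted, pos = b"", 0, False, 0
    while pos + 5 <= len(stream):
        ctype, _ver, length = struct.unpack_from("!BHH", stream, pos)
        payload = stream[pos + 5:pos + 5 + length]
        if len(payload) < length:
            raise ValueError("truncated record")
        pos += 5 + length
        if ctype == CHANGE_CIPHER_SPEC:
            encrypted = True           # later records carry ciphertext
        elif ctype == HANDSHAKE:
            if encrypted:
                opaque += 1            # Finished or renegotiation: type hidden
            else:
                clear += payload       # reassemble messages split over records
    visible, i = [], 0
    while i + 4 <= len(clear):         # walk the plaintext handshake messages
        n = int.from_bytes(clear[i + 1:i + 4], "big")
        visible.append(NAMES.get(clear[i], str(clear[i])))
        i += 4 + n
    return {"visible": visible, "opaque_handshake_records": opaque,
            "client_cert_in_clear": "certificate" in visible}

# Constructed sample 1: certificate requested during the initial handshake.
FIRST = (record(22, hs(1, b"\x03\x01" + bytes(32)))
         + record(22, hs(11, b"CERT") + hs(16, b"KEX") + hs(15, b"SIG"))
         + record(20, b"\x01") + record(22, bytes(40)))
# Constructed sample 2: no certificate at first, then a renegotiation whose
# handshake records (hello, certificate flight, Finished) are all ciphertext.
RENEG = (record(22, hs(1, b"\x03\x01" + bytes(32))) + record(22, hs(16, b"KEX"))
         + record(20, b"\x01") + record(22, bytes(40)) + record(23, bytes(64))
         + record(22, bytes(48)) + record(22, bytes(900))
         + record(20, bytes(24)) + record(22, bytes(40)))
```

In the second stream the observer still sees that handshake records were exchanged after encryption began, since the record header's content type stays in the clear, but not what they contain.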