Re: SSL handshake and client certificate

From: Pieter Philippaerts (Pieter_at_nospam.mentalis.org)
Date: 01/16/04


Date: Fri, 16 Jan 2004 18:47:55 +0100


"Tester" <test> wrote in message
> Could someone tell me if private key of the client certificate is involved
> during the SSL handshake with a server? Server asks for renegotiation with
> client authentication over already established SSL connection, will
private
> key of the client certificate be used to derive new session key during
> rehandshake?

It will not be used to derive a session key, but the client must sign a hash
of all the handshake messages with it [so that the server can verify that
the client really has access to the private key]. So yes, the private key of
the client certificate will be used during the negotiation.

Regards,
Pieter Philippaerts
SSL/TLS for .NET: http://mentalis.org/go.php?sl