Hi All,
We have a scenario where HAProxy might send a large number of "Acceptable client
certificate CA names" to the client as part of the "Certificate Request"
message. What we see on the client side is that it balks with the following
error:
>>> TLS 1.2 Alert [length 0002], fatal illegal_parameter
02 2f
139911422498632:error:1408E098:SSL routines:SSL3_GET_MESSAGE:excessive message
size:s3_both.c:512:
---
Now, for the moment we worked around the problem by preventing the server from
sending down the client certificate request, but we're wondering if:
1 - Anyone is aware of this issue or if there is a limitation to the number of
names that the server can send down?
2 - Is there a way to send the client request, but avoid sending the list of
"acceptable client certificate CA names"?
Regards,
Mihir