Hi, On Thu, Mar 4, 2021 at 10:48 PM Xue-Lei Fan <xuelei....@oracle.com> wrote:
> Did you have a chance to read RFC 8740? Post-Handshake authentication in > HTTP/2 is not allowed for TLS 1.3. Is there a concern for the use case you > mentioned? > Servlet supports both HTTP/1.1 and HTTP/2. The concern here is for HTTP/1.1. We'll likely exclude client-cert for HTTP/2. Kind regards, Arjan Tijms
