On Wed, Oct 12, 2016 at 03:10:54AM -0400, Daniel Kahn Gillmor wrote:
> I don't think it's too much to ask that implementations be able to
> reject a post-handshake CertificateRequest gracefully, even if they have
> no intention of ever implementing a proper Client Certificate response.
Unfortunately, currently it is too much:
One can't just send a message saying "NAK CertficiateRequest X", since
that message is followed by Finished message, that is quite annoying
to compute (even requires forkable hash, when nothing else requires
that, and if one is to be able to freeze connection, requires very
exotic features from hash implementation.
TLS mailing list