That would be my guess - that the server is requesting the client certificate via renegotiation. Good research. :-)
A good way to confirm would be to configure Wireshark to decrypt the TLS. On Wed, Oct 30, 2024 at 6:26 AM mahesh b <mahesh.b.2...@gmail.com> wrote: > Or is this happening > https://security.stackexchange.com/questions/277457/why-is-the-browser-being-prompted-for-a-client-certificate-without-a-certificate > > > On Wed, Oct 30, 2024 at 2:12 PM mahesh b <mahesh.b.2...@gmail.com> wrote: > >> Hi, >> I am trying to see the tls 1.2 handshake for mutual tls, the mutual >> tls handshake is success, cause i see that client application is popped up >> with an option to pick the client certificate it has to choose for the >> handshake to succeed. >> >> But in wireshark am neither seeing "Certificate Request" sent from server >> to client and the client sending its "Certificate" >> >> I also tried the suggestion mentioned here >> https://ask.wireshark.org/question/23327/not-able-to-see-client-certificate-in-capture/ >> it dint work, googling further i see another thread >> https://seclists.org/wireshark/2019/Jun/2 , tried the suggestions as >> well dint work. >> >> Can pls someone help wat configurations am i missing ? to see the >> certificate request and client certificate in the tls 1.2 handshake. >> >> I understand in tls 1.3 everything is encrypted after server hello. My >> question is specifically for tls 1.2 handshake. >> >> >> Am using the below >> Wireshark : Version 4.4.1 (v4.4.1-0-g575b2bf4746e) >> Windows 11(client running here) and Windows 2022 (Server running here) >> >> Regards, >> Mahesh.B >> > _______________________________________________ > Wireshark-dev mailing list -- wireshark-dev@wireshark.org > To unsubscribe send an email to wireshark-dev-le...@wireshark.org >
_______________________________________________ Wireshark-dev mailing list -- wireshark-dev@wireshark.org To unsubscribe send an email to wireshark-dev-le...@wireshark.org
