On 15 February 2017 at 03:18, David Wong <davidwong.cry...@gmail.com> wrote:
> Oops, my bad. What about if the client does send a certificate, but the server
> decides not to accept it, but goes on with the connection (I think nothing
> in the spec says that the server needs to terminate the connection if the
> client cert is not good).

Then it is up to the server to remember this condition. If it resumes and later assumes that the client certificate is in place, then it's a big problem. Of course, it's easier to NOT remember a client certificate, so I expect that failure mode to be rare.

_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls
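
Added example, not part of the original thread and not taken from any TLS implementation: a simplified model of a server session cache that continues after rejecting a client certificate and must carry that verdict across resumption. All names (`SessionState`, `SessionCache`, `peer_identity_naive`, `peer_identity_checked`) and the sample subjects are hypothetical.

```python
import secrets
from dataclasses import dataclass
from typing import Dict, Optional


@dataclass(frozen=True)
class SessionState:
    """Per-session data the server keeps for resumption (constructed model)."""
    client_cert_subject: Optional[str]  # certificate the client presented, if any
    client_cert_accepted: bool          # verdict of the server's own validation


class SessionCache:
    def __init__(self) -> None:
        self._tickets: Dict[str, SessionState] = {}

    def full_handshake(self, presented_subject: Optional[str],
                       validation_ok: bool) -> str:
        """The server goes on with the connection even if validation failed,
        but stores the verdict next to the certificate."""
        accepted = presented_subject is not None and validation_ok
        ticket = secrets.token_hex(16)
        self._tickets[ticket] = SessionState(presented_subject, accepted)
        return ticket

    def resume(self, ticket: str) -> Optional[SessionState]:
        """Return the stored state, or None for an unknown ticket."""
        return self._tickets.get(ticket)


def peer_identity_naive(state: SessionState) -> Optional[str]:
    # Failure mode from the thread: "a certificate is stored" is treated
    # as "the client certificate is in place".
    return state.client_cert_subject


def peer_identity_checked(state: SessionState) -> Optional[str]:
    # Report an identity only if the original handshake accepted the cert.
    return state.client_cert_subject if state.client_cert_accepted else None


if __name__ == "__main__":
    cache = SessionCache()
    ticket = cache.full_handshake("CN=alice (constructed)", validation_ok=False)
    resumed = cache.resume(ticket)
    print("naive  :", peer_identity_naive(resumed))
    print("checked:", peer_identity_checked(resumed))
```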