Client Certificate Authentication & TLS 1.3

--

What Is Client Certificate Authentication

It is the concept of the end user sending an SSL certificate for authentication purposes.

Renegotiation Concept

When a new TLS handshake negotiation happens inside of an existing secure session. It is the process that allows the client of the server to initiate a new handshake within an existing TLS session.

Normal Flow Of Client Certificate Authentication In IIS With TLS 1.2

Browsed to my site “https://localhost”, got prompted for a certificate, selected one and got access to my site.

I took a Wireshark and looks as follows (leaving some parts out of the picture):

Client Hello
Server Hello, Certificate, Server Key Exchange, Server Hello DoneApplication Data

This works well and I got access to my site without any issue.

[…]

https://jenkins96.github.io/2024-08-06-Client-Certificate-Autentication-TLS1.3/

--

--