[openssl-users] (no subject)

Jeffrey Walton noloader at gmail.com
Sat Aug 27 00:45:32 UTC 2016

On Fri, Aug 26, 2016 at 6:56 PM, Juliano Souza <thespamer at gmail.com> wrote:
> I just found it.
> Hope to help someone with same requirement.
> http://www.cafesoft.com/products/cams/ps/docs32/admin/ConfiguringApache2ForSSLTLSMutualAuthentication.html

There's also Origin Bound Certificates (OCB),
http://www.czeskis.com/research/pubs/tls-obc.pdf. They are like
"tear-off" personal certificates. A user generates one on the fly for
an origin/site, and then uses it when needed. Its not signed by an
authority, so its like the user equivalent to a server's self signed

The appealing thing with them is they effectively stop the MitM games
played by many user agents. Not surprisingly, the browser have mostly
rejected them because in their security model, interception is a valid
use case.


More information about the openssl-users mailing list