[openssl-users] Preventing Handshake Termination Because of Unverifiable Client Certificates

Viktor Dukhovni openssl-users at dukhovni.org
Tue Sep 11 07:27:17 UTC 2018

> On Sep 11, 2018, at 2:25 AM, Armen Babikyan <armen.babikyan at gmail.com> wrote:
> I realized that something like this could be an option a few minutes after I hit "send".  Thanks for the confirmation - I'll give this a shot!

You should also consider what if anything you want to pass to


See the docs.  Some clients (IIRC Java's TLS stack) don't send any
client certificates unless the server solicits a certificate from
a matching CA, and leaving the list empty may not work for such


More information about the openssl-users mailing list