TLSv12 Client Certificate Selection Behavior !!

Hareesh D hareesh.sai at
Tue Jun 11 10:50:15 UTC 2019

TLSv12 client is sending RSA certificate even when it dont have
digitalSignature bit in keyUsage extension. But RFC5246 sectiin-7.4.6 says
its MUST condition for client to send RSA certificate with digitalSignature
bit set in keyUsage extension.

1. Though server is rejecting such certificates, not sure why client sends
such certificates even when there is MUST condition for this point. Should
client send empty certificate list instead of sending wrong one? Client has
the provision of sensing empty certificate list when it don't have a
suitable certificate according to certificate request.

2. And also client is not checking the certificate_types requested in
certificate_message and also server not validating if the response is
according to the type requested. Consider server requesting only DSA
certificate. Client sending RSA certificate and server accepting it.

Is this behavior valid and according to RFC ?
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the openssl-users mailing list