TLSv12 Client Certificate Selection Behavior !!

Jakob Bohm jb-openssl at
Tue Jun 11 14:19:07 UTC 2019

On 11/06/2019 12:50, Hareesh D wrote:
> TLSv12 client is sending RSA certificate even when it dont have 
> digitalSignature bit in keyUsage extension. But RFC5246 sectiin-7.4.6 
> says its MUST condition for client to send RSA certificate with 
> digitalSignature bit set in keyUsage extension.
> 1. Though server is rejecting such certificates, not sure why client 
> sends such certificates even when there is MUST condition for this 
> point. Should client send empty certificate list instead of sending 
> wrong one? Client has the provision of sensing empty certificate list 
> when it don't have a suitable certificate according to certificate 
> request.
> 2. And also client is not checking the certificate_types requested in 
> certificate_message and also server not validating if the response is 
> according to the type requested. Consider server requesting only DSA 
> certificate. Client sending RSA certificate and server accepting it.
> Is this behavior valid and according to RFC ?
There's an overarching OpenSSL policy that certificate checks are
done exclusively by the relying end (for client certs, that's the
server), except when certified end is trying to choose from
multiple certificates.

Thus with only one certificate available, the OpenSSL sends the
(untrusted, and in this case inappropriate) certificate, just in
case the server was somehow configured to make a special exception
for this particular case.


Jakob Bohm, CIO, Partner, WiseMo A/S.
Transformervej 29, 2860 Søborg, Denmark.  Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded

More information about the openssl-users mailing list