TLSv12 Client Certificate Selection Behavior !!

Michael Richardson mcr at
Tue Jun 11 20:58:46 UTC 2019

Viktor Dukhovni <openssl-users at> wrote:
    > Yes, v1 certs would get a free ride.  The reason to enforce KU
    > in client certs would be that client certs are not infrequently
    > (though not always) optional, and it can be better to not send
    > any client cert, than to send one the server will reject.

802.1AR seems to discourage KU in IDevID because at most KU bits make
the certificate less useable, and IDevID certificates are expected to live
for decades.

    > RSA client certs without digital signature in KU are increasingly
    > not interoperable as more server implementations are checking the
    > keyUsage these days.  So at some point it makes sense to consider
    > not offering such (client) certs to the peer server.

I would like knobs for this.

]               Never tell me the odds!                 | ipv6 mesh networks [
]   Michael Richardson, Sandelman Software Works        |    IoT architect   [
]     mcr at        |   ruby on rails    [
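As an added example (not code from this thread or from OpenSSL), the following Python sketch implements the selection rule Viktor describes and the "knob" Michael asks for: with `enforce_ku` on, a v3 client cert whose KeyUsage lacks digitalSignature is not offered, v1 certs and certs without a KeyUsage extension get the "free ride", and the client sends nothing rather than a cert the server will reject. All names (`ClientCert`, `may_offer`, `select_client_cert`) and the sample KeyUsage values are hypothetical and constructed here; only the BIT STRING layout follows RFC 5280.

```python
from dataclasses import dataclass
from typing import List, Optional

# KeyUsage bit indices from RFC 5280 section 4.2.1.3 (bit 0 is the MSB of the first octet)
KU_DIGITAL_SIGNATURE = 0
KU_KEY_ENCIPHERMENT = 2

def key_usage_bit_set(der_bitstring: bytes, index: int) -> bool:
    """Return True if KeyUsage bit `index` is set in a DER-encoded BIT STRING value."""
    if len(der_bitstring) < 3 or der_bitstring[0] != 0x03:
        raise ValueError("not a DER BIT STRING")
    length = der_bitstring[1]
    if length > 0x7F or len(der_bitstring) != 2 + length:
        raise ValueError("unsupported or inconsistent BIT STRING length")
    unused, body = der_bitstring[2], der_bitstring[3:]
    if unused > 7 or not body or body[-1] & ((1 << unused) - 1):
        raise ValueError("invalid unused-bits octet")
    if index >= len(body) * 8 - unused:
        return False  # bits beyond the encoded length are absent, i.e. not asserted
    return bool(body[index // 8] & (0x80 >> (index % 8)))

@dataclass
class ClientCert:                 # hypothetical stand-in for a parsed certificate
    name: str
    version: int                  # X.509 version: 1 (no extensions) or 3
    key_usage: Optional[bytes]    # DER KeyUsage value, or None when the extension is absent

def may_offer(cert: ClientCert, enforce_ku: bool = True) -> bool:
    """The 'knob': when enforce_ku is set, skip certs whose KU lacks digitalSignature."""
    if not enforce_ku or cert.version == 1 or cert.key_usage is None:
        return True  # v1 certs carry no extensions; an absent KU places no restriction
    return key_usage_bit_set(cert.key_usage, KU_DIGITAL_SIGNATURE)

def select_client_cert(candidates: List[ClientCert], enforce_ku: bool = True) -> Optional[str]:
    """Return the first offerable cert name, or None to send no client cert at all."""
    for cert in candidates:
        if may_offer(cert, enforce_ku):
            return cert.name
    return None

# Constructed sample KeyUsage values (DER BIT STRING: tag, length, unused-bits octet, bits)
KU_SIG_AND_ENC = bytes.fromhex("030205a0")  # digitalSignature + keyEncipherment
KU_ENC_ONLY = bytes.fromhex("03020520")     # keyEncipherment only: servers checking KU reject it
SAMPLE_CANDIDATES = [
    ClientCert("rsa-encipher-only", 3, KU_ENC_ONLY),
    ClientCert("rsa-sign-and-encipher", 3, KU_SIG_AND_ENC),
]
```

With `enforce_ku=True` the selection skips `rsa-encipher-only` and offers `rsa-sign-and-encipher`; with the knob off, the first candidate is offered as today.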


More information about the openssl-users mailing list