SSL_connect with TLS 1.3 and client Certificates

Christian Schmidt schmidt at
Wed Jul 14 13:31:41 UTC 2021

On 14/07/2021 13:31, Matt Caswell wrote:
> On 13/07/2021 19:44, Christian Schmidt wrote:
>> Hello all,
>> I am currently trying to build both client and server of an application
>> that uses TLS 1.3 and mutual authentication using certificates. The
>> application works so far - I can establish connections, certificates are
>> verified, data is successfully transmitted, etc.
>> However, I have an issue, or maybe two.
>> 1. SSL_connect returns successfully before the client certificate is
>> sent from the client to the server. The client certificate is only sent
>> on the first SSL_write_ex with > 0 bytes, and as such, at this point the
>> server can generate SSL alerts like access denied, etc.
> TLSv1.3 supports two types of certificate request. It can occur during
> the initial handshake, or it can occur as a post-handshake request. It
> sounds like you are doing the latter, but you want the former. Is that
> correct?
> What are you doing in your code to request the certificate from the client?

I may have interpreted what I was seeing wrong. I was assuming that
openssl was sending the client certificate together with the first data
frame, but it seems that some coalescing happens on the kernel side,
causing the server to retrieve both SSL records at once. The
asynchronous nature of TLS implies that after sending the client
certificate, SSL_connect() does not have to wait for a positive
confirmation. Adding a sufficiently large usleep() between SSL_connect()
and the first data record makes this visible.

Please ignore my question.

Best regards,

More information about the openssl-users mailing list