crypto/tls: RequireAndVerifyClientCert is not working as intended. #63122
Comments
Please fill out the complete issue template. What program did you run? What did you expect to see? What actually happened instead?
Updated with necessary info. Thanks for pointing it out.
This looks like it is working as intended for TLS 1.3, which encrypts everything after server hello.
Where can I see this behavior change notes/doc?
@Manikishore-S It is a TLS 1.3 spec point, not specific to Go. See RFC 8446.
@rittneje @seankhliao Thanks a lot!!
What version of Go are you using (go version)?
$ go version
go1.21.1 darwin/amd64
Does this issue reproduce with the latest release?
Yes, I tried with the latest and older releases as well.
What operating system and processor architecture are you using (go env)?
go env Output
What did you do?
Start a crypto/tls-based web server with an mTLS connection as shown below.
Server.go
Client.go
What did you expect to see?
You may expect to see a client certificate getting exchanged for client auth verification, but it is not happening and the connection is normal TLS instead of mTLS.
What did you see instead?
A TLS handshake without client certificate verification in mTLS.
I have tried other options such as requestClientCertificate etc., but none of them worked. Seems a bug.
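Since TLS 1.3 encrypts everything after the server hello, as the replies above point out, the place to confirm that RequireAndVerifyClientCert took effect is the server's own connection state rather than a capture of the handshake. The following is an added example, not code from the issue reporter or the Go project; the function name serverView, the throwaway self-signed "demo" certificate shared by both peers, and the loopback listener are assumptions made for the illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// serverView runs one loopback mTLS handshake and returns what the server ended up with.
func serverView(version uint16, sendCert bool) (verified int, err error) {
	pub, key, _ := ed25519.GenerateKey(rand.Reader) // throwaway identity, constructed for this example
	t := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "demo"},
		DNSNames: []string{"localhost"}, NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour)}
	der, _ := x509.CreateCertificate(rand.Reader, t, t, pub, key) // self-signed; an error here fails the parse
	leaf, err := x509.ParseCertificate(der)
	if err != nil {
		return 0, err
	}
	pool := x509.NewCertPool()
	pool.AddCert(leaf)
	srv := &tls.Config{Certificates: []tls.Certificate{{Certificate: [][]byte{der}, PrivateKey: key}},
		ClientCAs: pool, ClientAuth: tls.RequireAndVerifyClientCert, MinVersion: version, MaxVersion: version}
	cli := &tls.Config{RootCAs: pool, ServerName: "localhost"}
	if sendCert {
		cli.Certificates = srv.Certificates // both peers reuse the one identity to keep this short
	}
	ln, err := tls.Listen("tcp", "127.0.0.1:0", srv)
	if err != nil {
		return 0, err
	}
	defer ln.Close()
	go tls.Dial("tcp", ln.Addr().String(), cli) // client peer; its own result is not needed
	conn, err := ln.Accept()
	if err != nil {
		return 0, err
	}
	defer conn.Close()
	err = conn.(*tls.Conn).Handshake() // tls.Listen hands back *tls.Conn
	return len(conn.(*tls.Conn).ConnectionState().PeerCertificates), err
}

func main() {
	fmt.Println(serverView(tls.VersionTLS13, true))  // server holds one verified certificate
	fmt.Println(serverView(tls.VersionTLS13, false)) // server rejects the handshake
}
```

In a net/http handler the same information is available as r.TLS.PeerCertificates.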