-
Notifications
You must be signed in to change notification settings - Fork 393
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
TLS client authentication: missing ciphers #249
Comments
Do you have a pcap you could share for this? Client certs aren't very common, so this code hasn't really had a huge amount of testing. |
I uploaded 2 pcaps, one without client auth (which returns the correct ciphers) and one with client auth (which returns only TLSv1.3 ciphers) |
Thanks. I'm afraid I don't have a huge amount of time for this project at the moment, but I'll take a look at these when I get a chance and see if I can work out what's going wrong. |
I had a look into this earlier in the week and I couldn't see anything obviously wrong in the pcap files. The client certificate stuff is all just using built-in OpenSSL functionality, so there's not much custom stuff we're doing with it. I don't have a haproxy instance to test against, but the badssl.com client certificate sites seemed to work fine with sslcsan for me. Do they work correctly with the version you're running, or is that broken as well? Thanks |
Hi,
i am using haproxy and sslscan 2.0.10
Before i enabled client certificate authentication, sslscan returned the following ciphers:
After i enabled certificate authentication, sslscan is only returning TLSv1.3 ciphers:
I also started a test with https://www.ssllabs.com/ssltest/ , this tools returns all TLSv1.2 + TLSv1.3 ciphers while client authentication is enabled.
Therefore i think, this is a bug.
The text was updated successfully, but these errors were encountered: