[LINK] [OT] Help re RFC 2246. The TLS Protocol
Bernard Robertson-Dunn
brd at iimetro.com.au
Thu Feb 19 22:54:52 AEDT 2009
This is totally off topic and I apologise, but I need some help fast.

Re RFC 2246 The TLS Protocol

Problem:
I need a client initiated SSL session to force mutual authentication.

My understanding:
It seems that when the server initiates the SSL handshake it has three
options:
- Perform the handshake as a server.
- Perform the handshake as a server with client authentication.
- Perform the handshake as a server with optional client authentication.

However, the client can only request a handshake but not specify that it
must have client authentication.

Thus mutual authentication is normally enabled by configuring the server
appropriately.

I have been told that by specifying CipherSuite to be
TLS_DHE_DSS_WITH_DES_CBC_SHA it will force the server to request a
client certificate and hence mutual authentication.

Questions:
Am I correct in thinking that when initiated by the client, an SSL
handshake cannot force mutual authentication?

Does setting CipherSuite = TLS_DHE_DSS_WITH_DES_CBC_SHA force mutual
authentication?

If so, how?

Any help, off Link, would be appreciated.
--
Regards
brd
Bernard Robertson-Dunn
Canberra Australia
brd at iimetro.com.au
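
Added example, not part of the original message: RFC 2246 defines the request for a client certificate as a server handshake message (CertificateRequest, HandshakeType 13), so a client can only observe whether it was asked. The sketch below walks the unencrypted records of a server's first flight and reports this; the function names and the sample flights with placeholder bodies are constructed for illustration.

```python
import struct

HANDSHAKE = 22            # record ContentType: handshake
CERTIFICATE_REQUEST = 13  # HandshakeType certificate_request (RFC 2246)
SERVER_HELLO_DONE = 14    # HandshakeType server_hello_done

def handshake_types(stream: bytes):
    """Yield the HandshakeType of each message in unencrypted TLS records."""
    buf, pos = b"", 0
    while pos < len(stream):
        if len(stream) - pos < 5:
            raise ValueError("truncated record header")
        ctype, _major, _minor, length = struct.unpack_from("!BBBH", stream, pos)
        pos += 5
        fragment = stream[pos:pos + length]
        if len(fragment) != length:
            raise ValueError("truncated record body")
        pos += length
        if ctype != HANDSHAKE:
            continue
        buf += fragment  # messages may share a record or span several
        while len(buf) >= 4:
            msg_len = int.from_bytes(buf[1:4], "big")
            if len(buf) < 4 + msg_len:
                break
            yield buf[0]
            buf = buf[4 + msg_len:]

def server_requested_client_cert(server_flight: bytes) -> bool:
    """True if the server's first flight contains CertificateRequest."""
    types = list(handshake_types(server_flight))
    if SERVER_HELLO_DONE not in types:
        raise ValueError("flight incomplete: no ServerHelloDone")
    return CERTIFICATE_REQUEST in types

def record(*msgs) -> bytes:
    """Constructed-sample helper: pack (type, body) pairs into one TLS 1.0 record."""
    payload = b"".join(bytes([t]) + len(b).to_bytes(3, "big") + b for t, b in msgs)
    return struct.pack("!BBBH", HANDSHAKE, 3, 1, len(payload)) + payload

# Constructed flights with placeholder bodies (not captures from a real server).
COMMON = [(2, b"\0" * 38), (11, b"\0" * 10), (12, b"\0" * 8)]
SERVER_AUTH_ONLY = record(*COMMON, (14, b""))
MUTUAL_AUTH = record(*COMMON) + record((13, b"\0" * 6), (14, b""))

if __name__ == "__main__":
    for name, flight in [("server-auth only", SERVER_AUTH_ONLY), ("mutual", MUTUAL_AUTH)]:
        print(name, "-> client certificate requested:", server_requested_client_cert(flight))
```

A client that requires mutual authentication can treat a False result as a reason to abort the handshake.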