stackoom
  简体   繁体   中英

Is a client certificate encrypted during the ssl handshake

 原文  2022-01-09 12:03:41       security/ authentication/ ssl

Question

During an SSL handshake with client authentication, is the client certificate encrypted when it is transmitted by the browser to the server? In other words does the symmetric key exchange occur BEFORE the client certificate is transmitted? I assume it is else a listener could steal the certificate right?

1 answers

solution1
 0  2022-01-09 12:21:48

With TLS 1.3 both server and client certificates are encrypted, with TLS 1.2 and lower they are send in clear.

I assume it is else a listener could steal the certificate right?

A certificate is usually not considered secret information. Only the private key matching the public key in the certificate is secret, but this private key is not transmitted.

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question How does SSL handshake/protocol work if client already has server certificate? SSL server socket and handshake with known certificate tomcat ssl client handshake java error SSL works without Client certificate Received close_notify during handshake SSL Error? Where is the session key stored on the client side after SSL handshake? Simple handshake for encrypted socket Deny access if the client is using a different SSL certificate Will website name in certificate shared by server during handshake kill the DNS over https purpose? Intermittent SSL handshake error
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM