Author christian.heimes
Recipients benjamin.peterson, christian.heimes, ned.deily
Date 2018-09-14.00:16:07
TLS 1.3 removed renegotiation in favor of rekeying and post handshake authentication (PHA). With PHA, a server can request a client certificate from a client at some point after the handshake. The feature is commonly used by HTTP servers for conditional and path specific TLS client auth. For example a server can decide to require a cert based on HTTP method and/or path. A client must announce support for PHA during the handshake.

Apache mod_ssl uses PHA,

As of OpenSSL ticket, TLS 1.3 clients no longer send the PHA TLS extension by default. Nikos and I requested the change, because PHA breaks some assumptions of TLS 1.2 clients. For on-demand auth, the PHA extension must be enabled with SSL_CTX_set_post_handshake_auth().

I propose to add a property on SSLContext to enable PHA and backport the change to Python 2.7, 3.6 and 3.7.

In order to test the feature, I'd also have to add some flags and a function for the server side: (SSL_VERIFY_CLIENT_ONCE, SSL_VERIFY_POST_HANDSHAKE, SSL_verify_client_post_handshake()).
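The following loopback demo is an added example (not code from this issue or from CPython) of the on-demand flow described above, using the API as it later shipped: `SSLContext.post_handshake_auth` on both sides and `SSLSocket.verify_client_post_handshake()` on the server. It assumes Python 3.8+ with OpenSSL 1.1.1+ and an `openssl` CLI on PATH for a throwaway self-signed certificate; the method/path policy is constructed for illustration.

```python
import os, shutil, socket, ssl, subprocess, tempfile, threading

def needs_client_cert(method: str, path: str) -> bool:
    # Constructed example policy: mutating methods and /admin/ paths need a client cert.
    return method in ("POST", "PUT", "DELETE") or path.startswith("/admin/")

def make_contexts(certfile, keyfile):
    # For brevity one self-signed cert acts as server cert, client cert and trust anchor.
    client = ssl.create_default_context(ssl.Purpose.SERVER_AUTH, cafile=certfile)
    client.load_cert_chain(certfile, keyfile)
    client.post_handshake_auth = True       # advertise the post_handshake_auth extension
    server = ssl.create_default_context(ssl.Purpose.CLIENT_AUTH, cafile=certfile)
    server.load_cert_chain(certfile, keyfile)
    server.post_handshake_auth = True       # SSL_VERIFY_POST_HANDSHAKE: no request at handshake
    server.verify_mode = ssl.CERT_REQUIRED  # enforced only once the server triggers PHA
    client.minimum_version = server.minimum_version = ssl.TLSVersion.TLSv1_3
    return client, server

def serve_one(server_ctx, lsock, seen):
    conn, _ = lsock.accept()
    with server_ctx.wrap_socket(conn, server_side=True) as s:
        method, path, _ = s.recv(1024).decode().split(" ", 2)
        seen["before"] = bool(s.getpeercert())  # nothing was requested during the handshake
        if needs_client_cert(method, path):
            s.verify_client_post_handshake()    # CertificateRequest leaves with the next write
        s.sendall(b"HTTP/1.1 100 Continue\r\n\r\n")
        s.recv(1024)   # client's Certificate/CertificateVerify precede its body; verified here
        seen["after"] = bool(s.getpeercert())
        s.sendall(b"HTTP/1.1 200 OK\r\n\r\n")

def openssl_cli_available() -> bool:
    return shutil.which("openssl") is not None

def run_demo(method: str, path: str) -> dict:
    # Loopback TLS 1.3 exchange; reports whether the server held a client cert before/after PHA.
    with tempfile.TemporaryDirectory() as d:
        cert, key = os.path.join(d, "cert.pem"), os.path.join(d, "key.pem")
        subprocess.run(["openssl", "req", "-x509", "-newkey", "rsa:2048", "-nodes", "-days", "1",
                        "-subj", "/CN=localhost", "-addext", "subjectAltName=DNS:localhost",
                        "-keyout", key, "-out", cert], check=True, capture_output=True)
        client_ctx, server_ctx = make_contexts(cert, key)
        lsock = socket.socket(); lsock.bind(("127.0.0.1", 0)); lsock.listen(1)
        seen = {}
        t = threading.Thread(target=serve_one, args=(server_ctx, lsock, seen)); t.start()
        with client_ctx.wrap_socket(socket.socket(), server_hostname="localhost") as c:
            c.connect(lsock.getsockname())
            c.sendall(f"{method} {path} HTTP/1.1\r\n\r\n".encode())
            c.recv(1024)   # reading the 100 Continue also answers the CertificateRequest
            c.sendall(b"body"); c.recv(1024)
        t.join(); lsock.close()
        return seen
```

Without `client.post_handshake_auth = True` the client never sends the extension and the server's `verify_client_post_handshake()` call fails, which is exactly the default-off behaviour the message describes.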