TLS 1.3 Post-handshake authentication
arjan tijms
arjan.tijms at gmail.com
Thu Mar 4 23:09:50 UTC 2021
Hi,
On Thu, Mar 4, 2021 at 10:48 PM Xue-Lei Fan <xuelei.fan at oracle.com> wrote:
> Did you have a chance to read RFC 8740? Post-Handshake authentication in
> HTTP/2 is not allowed for TLS 1.3. Is there a concern for the use case you
> mentioned?
>
Servlet supports both HTTP/1.1 and HTTP/2. The concern here is for
HTTP/1.1. We'll likely exclude client-cert for HTTP/2.
Kind regards,
Arjan Tijms