SSL Client authentication

From a very high level, my question is:  Is is tru that the server decides whther to invoke SSL client authentication and require client authentication from the client and not the other way around.

I believe the answer should be "yes, the server starts the authentication process, but I need to be sure".  Need to get past a mental block on my part.

Thanks
Anthony LuciaAsked:
Who is Participating?
 
Giovanni HewardConnect With a Mentor Commented:
SSL/TLS Handshake
Is is tru that the server decides whther to invoke SSL client authentication and require client authentication from the client and not the other way around.

I believe the answer should be "yes, the server starts the authentication process, but I need to be sure".  Need to get past a mental block on my part.

Yes, the server configuration determines whether client side SSL authentication is required.  Server side SSL authentication is mandatory, client side is optional. See RFC 5246.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.