Solved

SSL Client authentication

Posted on 2014-03-24
1
425 Views
Last Modified: 2014-03-24
From a very high level, my question is:  Is is tru that the server decides whther to invoke SSL client authentication and require client authentication from the client and not the other way around.

I believe the answer should be "yes, the server starts the authentication process, but I need to be sure".  Need to get past a mental block on my part.

Thanks
0
Comment
Question by:Anthony Lucia
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
1 Comment
 
LVL 15

Accepted Solution

by:
Giovanni Heward earned 500 total points
ID: 39950752
SSL/TLS Handshake
Is is tru that the server decides whther to invoke SSL client authentication and require client authentication from the client and not the other way around.

I believe the answer should be "yes, the server starts the authentication process, but I need to be sure".  Need to get past a mental block on my part.

Yes, the server configuration determines whether client side SSL authentication is required.  Server side SSL authentication is mandatory, client side is optional. See RFC 5246.
0

Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

OnPage: Incident management and secure messaging on your smartphone
There's a lot of hype surrounding blockchain technology. Here's how it works and some of the novel ways it' s now being used - including for data protection.
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …
Nobody understands Phishing better than an anti-spam company. That’s why we are providing Phishing Awareness Training to our customers. According to a report by Verizon, only 3% of targeted users report malicious emails to management. With compan…

696 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question