locked
socket schannel client authentication RRS feed

  • Question

  • On Windows 7Pro, I have a secure socket client app using schannel. Connecting to a secure server with TLSV1.0, 1.1 and 1.2, without client authentication works fine. Connecting to a secure server with TLSV1.0, 1.1, with client authentication works fine. A connection with client authentication with TLSV1.2 fails. Instead of replying with handshake certificate, the client replies with 3 TLS records: Client Key exchange-Cipher change spec-Client key exchange. As the server does not receive the client's certificate, it aborts the connection. The client's certificate has an intermediate and trusted root ca. In all cases AcquireCredentialsHandle is called with SCH_CRED_NO_DEFAULT_CREDS|SCH_CRED_MANUAL_CRED_VALIDATION|SCH_CRED_NO_SERVERNAME_CHECK, and InitializeSecurityContext with (among others) ISC_REQ_MANUAL_CRED_VALIDATION and ISC_REQ_USE_SUPPLIED_CREDS.

    Do I need to treat client authentication differently for TLS V1.2?

    Thursday, November 26, 2015 3:31 PM