TLS Handshake, Client Authentication,missing CertificateVerify Message
843811Feb 8 2008 — edited Feb 9 2008Hi,
According to the TLS 1.0 specification (rfc2246) there are 2 additional client messages if client authentication is used.
- client certificate: the clients certificate chain
- certificate verify: a digitally signed hash of the handshake messages so far
the specification states for the certificate verify message:
"This message is only sent following a client
certificate that has signing capability (i.e. all certificates
except those containing fixed Diffie-Hellman parameters). When
sent, it will immediately follow the client key exchange message.
"
During a TLS-Handshake with Client-Authentication using JSSE (Java 1.4.2.) on the client using a keystore which contains ONLY a certificate without the corresponding private key the client sends only the client certificate message but no certificate verify.
While i understand that the client is not able to sign the hash without the corresponding private key I wonder if this behavior (sending the certificate without the certificate verify message) is correct according to the TLS 1.0 specification.
my question (for these who would not read the stuff above ;) ):
- is it a correct implementation of the TLS handshake protocol to skip the client verify message if the client does not possess the private key of the used certificate
- (non-java) does someone know a way to force a SCHANNEL (windows) server implementation to reject connections where the certificate verify message is missing