
When I visit a particular site, foobar.com, I am being prompted for a client certificate, which is unexpected for this site.

I assumed there would be a Certificate Request message in the HTTPS handshake, so I fired up Wireshark 4.x and did a clean capture.

[Image: Wireshark capture of the handshake]

There's no Certificate Request after the Server Hello - just the server's certificates (issued by Encryption Everywhere) and the Certificate Status flag.

I've confirmed there are no proxies in between, and I've verified that Wireshark properly picks up the Certificate Request flag from other mTLS-enabled sites.

As far as I know, the Certificate Request cannot be within an encrypted part of the handshake, but maybe I'm wrong on that.

Can anyone shed some light on what to look for within this exchange to identify why my browser's being prompted for a client certificate?

  • In TLS 1.3 certreq is encrypted either as part of the handshake or later (where it is now a specific operation not part of a renegotiation), but your example isn't 1.3 Commented Jun 20 at 23:48

1 Answer


Hard to be sure without being able to test against the site. But I suspect that the site requires client certificates only for a specific path.

This is implemented in TLS 1.2 and lower by first doing a normal TLS handshake without requesting a client certificate, reading the HTTP request, determining based on the path in the request that a client certificate is needed and then doing a renegotiation inside the already established TLS connection.

In this case it is not visible from the outside that a client certificate is requested; one can only observe Encrypted Handshake messages, since the new handshake is protected with the keys exchanged by the previous handshake.

  • Interesting - I didn't know that this was even possible. Is there a way to confirm that this is happening? For example, I have Fiddler set up so that I can inspect/debug my HTTPS calls - is there a way that I could tell from there, instead? I checked the properties of the tunnel entries but didn't see anything telling within them.
    – jhilgeman
    Commented Jun 20 at 22:19
  • @jhilgeman: You would see some Application Data (the HTTP request) followed by Encrypted Handshake Message (the new handshake) followed by a Change Cipher Spec in the pcap. Commented Jun 21 at 5:35
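As an added example (not code from the answer or comment above), the following Python script parses a raw TLS 1.2 record stream and flags the sequence the comment describes: Application Data, then one or more Encrypted Handshake Messages, then a Change Cipher Spec. Handshake records in the initial exchange are expected and ignored; only a Handshake record that follows Application Data counts as a suspected renegotiation. The byte streams are constructed here (zero-filled payloads with realistic record types), not taken from a real capture, and the helper names are my own.

```python
"""
Added example, not from the original thread: walk a TLS 1.2 record stream
and flag the renegotiation pattern (Application Data -> Handshake -> Change
Cipher Spec). Sample streams below are constructed, not a real capture.
"""
import struct

# TLS record-layer content types (RFC 5246, section 6.2.1)
CHANGE_CIPHER_SPEC = 20
ALERT = 21
HANDSHAKE = 22
APPLICATION_DATA = 23
CONTENT_NAMES = {20: "Change Cipher Spec", 21: "Alert", 22: "Handshake", 23: "Application Data"}

RECORD_HEADER = struct.Struct("!BHH")  # content type, protocol version, payload length


def parse_records(data: bytes):
    """Split raw bytes into (content_type, version, payload) tuples, one per TLS record."""
    records = []
    offset = 0
    while offset < len(data):
        if len(data) - offset < RECORD_HEADER.size:
            raise ValueError(f"truncated record header at offset {offset}")
        ctype, version, length = RECORD_HEADER.unpack_from(data, offset)
        if ctype not in CONTENT_NAMES:
            raise ValueError(f"unknown content type {ctype} at offset {offset}")
        body_start = offset + RECORD_HEADER.size
        payload = data[body_start:body_start + length]
        if len(payload) != length:
            raise ValueError(f"truncated record body at offset {offset}")
        records.append((ctype, version, payload))
        offset = body_start + length
    return records


def find_renegotiations(records):
    """
    Return [(record_index, ccs_followed), ...], one entry per suspected renegotiation.

    Nothing is flagged until Application Data has been seen (the initial handshake
    is expected). After that, the first Handshake record opens a suspected
    renegotiation; its payload is encrypted, so the HelloRequest/ClientHello inside
    cannot be read. ccs_followed becomes True when a Change Cipher Spec arrives
    before the next Application Data, which is what completes a real renegotiation.
    """
    findings = []
    seen_app_data = False
    current = None  # index of the Handshake record that opened the current suspicion
    for i, (ctype, _version, _payload) in enumerate(records):
        if ctype == APPLICATION_DATA:
            seen_app_data = True
            current = None
        elif ctype == HANDSHAKE and seen_app_data and current is None:
            current = i
            findings.append([i, False])
        elif ctype == CHANGE_CIPHER_SPEC and current is not None:
            findings[-1][1] = True
    return [tuple(f) for f in findings]


def build_record(ctype, payload, version=0x0303):
    """Wrap a payload in a TLS 1.2 record header (constructed data, not a real capture)."""
    return RECORD_HEADER.pack(ctype, version, len(payload)) + payload


# Constructed streams: only record types and order matter for this check.
INITIAL_HANDSHAKE = [
    build_record(HANDSHAKE, b"\x01" + b"\x00" * 40),   # ClientHello
    build_record(HANDSHAKE, b"\x02" + b"\x00" * 40),   # ServerHello
    build_record(HANDSHAKE, b"\x0b" + b"\x00" * 60),   # Certificate (server only, no CertificateRequest)
    build_record(HANDSHAKE, b"\x0e" + b"\x00" * 3),    # ServerHelloDone
    build_record(HANDSHAKE, b"\x10" + b"\x00" * 30),   # ClientKeyExchange
    build_record(CHANGE_CIPHER_SPEC, b"\x01"),
    build_record(HANDSHAKE, b"\x00" * 40),             # Finished (encrypted)
    build_record(CHANGE_CIPHER_SPEC, b"\x01"),
    build_record(HANDSHAKE, b"\x00" * 40),             # Finished (encrypted)
]
PLAIN_SESSION = b"".join(INITIAL_HANDSHAKE + [
    build_record(APPLICATION_DATA, b"\x00" * 120),     # HTTP request
    build_record(APPLICATION_DATA, b"\x00" * 300),     # HTTP response
])
RENEGOTIATING_SESSION = b"".join(INITIAL_HANDSHAKE + [
    build_record(APPLICATION_DATA, b"\x00" * 120),     # HTTP request for the protected path
    build_record(HANDSHAKE, b"\x00" * 36),             # Encrypted Handshake Message (HelloRequest)
    build_record(HANDSHAKE, b"\x00" * 200),            # Encrypted Handshake Message (new ClientHello ...)
    build_record(CHANGE_CIPHER_SPEC, b"\x01"),
    build_record(HANDSHAKE, b"\x00" * 40),             # Finished under the new keys
    build_record(APPLICATION_DATA, b"\x00" * 300),     # HTTP response
])


def describe(data: bytes):
    """Human-readable summary of the renegotiations found in a record stream."""
    hits = find_renegotiations(parse_records(data))
    lines = []
    for idx, confirmed in hits:
        status = "confirmed by Change Cipher Spec" if confirmed else "no Change Cipher Spec seen"
        lines.append(f"record {idx}: Handshake after Application Data ({status})")
    return lines or ["no renegotiation pattern"]


if __name__ == "__main__":
    print(describe(PLAIN_SESSION))          # no renegotiation pattern
    print(describe(RENEGOTIATING_SESSION))  # record 10 flagged, confirmed
```

To apply the same check to a real capture, export the TLS records of the suspect TCP stream from Wireshark and feed the bytes to `parse_records`; in the Wireshark GUI the equivalent is to watch for a record with content type 22 (Handshake) appearing after content type 23 (Application Data) in the same stream, which I believe corresponds to the `tls.record.content_type` display-filter field. The script only sees record types and lengths, so it cannot tell whether the renegotiated handshake actually carried a CertificateRequest; that is exactly what the encryption hides, and the pattern itself is the observable.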
