Post Reply 
 
Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Problem with certificates
2014-07-28, 13:21
Post: #21
RE: Problem with certificates
(2014-07-23 13:12)welty Wrote:  woowwwww, it works with "SSLVerifyClient require" and "SSLVerifyDepth 1" directives outside of the <Directory> !!

That makes some sense. If the SSLVerifyClient applies only to a specific directory (either via .htaccess or via <Directory>), then the server won't ask for a certificate until after it knows which directory the client is trying to access. At that point it would have to renegotiate, since there's no other way to ask for a client certificate once the TLS session has already been established.

There is a known plaintext-injection attack when renegotiation is enabled. Implementing renegotiation in iPXE would be relatively straightforward, but I'm not sure if it would substantially weaken the security, so I don't really want to do it until I understand the implications.

Michael
Visit this user's website Find all posts by this user
Quote this message in a reply
Post Reply 


Messages In This Thread
Problem with certificates - welty - 2014-05-28, 07:59
RE: Problem with certificates - mcb30 - 2014-06-02, 11:03
RE: Problem with certificates - welty - 2014-06-02, 13:08
RE: Problem with certificates - mcb30 - 2014-06-02, 13:42
RE: Problem with certificates - welty - 2014-06-03, 09:12
RE: Problem with certificates - welty - 2014-06-03, 10:24
RE: Problem with certificates - mcb30 - 2014-06-03, 11:15
RE: Problem with certificates - welty - 2014-06-03, 11:53
RE: Problem with certificates - mcb30 - 2014-06-11, 20:15
RE: Problem with certificates - welty - 2014-06-12, 15:25
RE: Problem with certificates - mcb30 - 2014-06-12, 15:47
RE: Problem with certificates - welty - 2014-06-17, 14:29
RE: Problem with certificates - mcb30 - 2014-06-17, 15:03
RE: Problem with certificates - welty - 2014-07-21, 15:09
RE: Problem with certificates - mcb30 - 2014-07-21, 17:45
RE: Problem with certificates - welty - 2014-07-22, 16:17
RE: Problem with certificates - mcb30 - 2014-07-22, 16:36
RE: Problem with certificates - welty - 2014-07-23, 08:03
RE: Problem with certificates - welty - 2014-07-23, 13:12
RE: Problem with certificates - mcb30 - 2014-07-28 13:21



User(s) browsing this thread: 1 Guest(s)