Add TLS Client Authentication #1151
Conversation
Update gVisor to 20231113.0
Introduce a feature to require and verify client certificate to provide mutual authentication in TLS.
This comment was marked as spam.
This comment was marked as spam.
This comment was marked as abuse.
This comment was marked as abuse.
This comment was marked as spam.
This comment was marked as spam.
|
mTLS is an established protocol and the SSL error you mention is expected. The peers communicating using mTLS need to use certificates which are signed by a self-issued root certificate, meaning such networks are not available for public access and usual one way TLS connections are not allowed. So it is meaningless to implement a fallback since it completely invalidates the mTLS processes. |
This comment was marked as spam.
This comment was marked as spam.
This comment was marked as abuse.
This comment was marked as abuse.
fix typo in tls.zh.md Signed-off-by: jose-C2OaWi <111356383+jose-C2OaWi@users.noreply.github.com>
This is absurd, regarding the diagram you have sent, the server asks for certificate from client (which tells the client that the protocol being used is mTLS and not TLS) whereas in normal TLS no such operation is performed. By simply accepting the GFW's invalid certificate and serving a webpage you are practically violating the protocol you are advertising to conform to and this is a much severer footprint than correctly rejecting the GFW's invalid certificate. |
nekohasekai
force-pushed
the
dev-next
branch
from
bbea3aa
to
a75d45e
Compare
nekohasekai
force-pushed
the
dev-next
branch
from
4cbb736
to
927865e
Compare
Signed-off-by: jose-C2OaWi <111356383+jose-C2OaWi@users.noreply.github.com>
nekohasekai
force-pushed
the
dev-next
branch
4 times, most recently
from
b759111
to
733c14d
Compare
nekohasekai
force-pushed
the
dev-next
branch
30 times, most recently
from
954a7d8
to
5960c25
Compare
Add a feature for Issue 1054
Credits:
@ginuerzh for the implementation of gost