When nginx requests a client certificate with ssl_verify_client option,
and client complies, the latter sends its certificate in plain text.

Although it's just a public part of the certificate, one can consider it
a kind of information disclosure, since user name, email, organization,
etc. is transmitted in plain text.

According to this stackexchange question -
https://security.stackexchange.com/questions/80177/protecting-information-in-tls-client-certificates
- it's technically possible to request client certificate after
connection is encrypted.

Is it possible to do that in nginx?