Option to fail TLS handshake on bad client cert

November 13, 2019 02:04PM
Hi,

I'm using nginx to proxy gRPC requests that have the client authenticate
with a client certificate. When connecting directly to Go's gRPC server
with an untrusted client certificate or with no client certificate when one
is required, the server will fail the TLS handshake. I believe it would be
useful if nginx supported enabling this behavior.

This behavior is useful because it allows clients to know that they are not
authenticated when they dial as opposed to on making a gRPC request.
Additionally, failing the TLS handshake removes the need for the error
pages served to the client indicating an untrusted certificate to have the
Content-Type, grpc-status, and grpc-message headers set.

Would the project be open to implementing this or accepting patches based
on this rationale?

Best,
Jason
_______________________________________________
nginx-devel mailing list
nginx-devel@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx-devel
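
Added example (not part of the original post, and not nginx or grpc-go code): a self-contained Go program that uses crypto/tls directly to contrast a server that fails the handshake for a client without a certificate with one that completes it and must reject the client later. As an assumption, `VerifyClientCertIfGiven` stands in for the "handshake succeeds, error is served afterwards" behaviour described above; `newServerCert` and `serverHandshakeErr` are names made up for the example, and the server certificate is constructed at run time.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"fmt"
	"math/big"
	"net"
	"time"
)

// newServerCert returns a throwaway self-signed certificate (constructed for this example).
func newServerCert() tls.Certificate {
	pub, key, _ := ed25519.GenerateKey(rand.Reader)
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), DNSNames: []string{"localhost"}, NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour)}
	der, _ := x509.CreateCertificate(rand.Reader, tmpl, tmpl, pub, key)
	leaf, _ := x509.ParseCertificate(der)
	return tls.Certificate{Certificate: [][]byte{der}, PrivateKey: key, Leaf: leaf}
}

// serverHandshakeErr connects a client that presents no certificate and returns the server-side handshake result.
func serverHandshakeErr(mode tls.ClientAuthType) error {
	cert, roots := newServerCert(), x509.NewCertPool()
	roots.AddCert(cert.Leaf)
	ln, err := net.Listen("tcp", "127.0.0.1:0")
	if err != nil {
		return err
	}
	defer ln.Close()
	go func() { // client: verifies the server, sends no client certificate
		if c, err := tls.Dial("tcp", ln.Addr().String(), &tls.Config{RootCAs: roots, ServerName: "localhost"}); err == nil {
			c.Read(make([]byte, 1)) // in TLS 1.3 a rejection alert arrives here, after Dial returned
			c.Close()
		}
	}()
	raw, err := ln.Accept()
	if err != nil {
		return err
	}
	defer raw.Close()
	return tls.Server(raw, &tls.Config{Certificates: []tls.Certificate{cert}, ClientAuth: mode}).Handshake()
}

func main() {
	for _, m := range []tls.ClientAuthType{tls.RequireAndVerifyClientCert, tls.VerifyClientCertIfGiven} {
		fmt.Printf("%v: server handshake error = %v\n", m, serverHandshakeErr(m))
	}
}
```

The result is measured on the server side because a TLS 1.3 client finishes its own handshake before the server has processed the client certificate, so the client only learns of the rejection on its first read.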
Subject: Option to fail TLS handshake on bad client cert
Author: jwang60606
Views: 257
Posted: November 13, 2019 02:04PM