Encrypting TLS client certificates

WGH nginx-forum at forum.nginx.org
Tue Oct 25 23:20:00 UTC 2016


When nginx requests a client certificate with the ssl_verify_client option,
and the client complies, the latter sends its certificate in plain text.

Although it's just the public part of the certificate, one can consider it
a kind of information disclosure, since user name, email, organization,
etc. are transmitted in plain text.

According to this stackexchange question -
https://security.stackexchange.com/questions/80177/protecting-information-in-tls-client-certificates
- it's technically possible to request a client certificate after the
connection is encrypted.

Is it possible to do that in nginx?

Posted at Nginx Forum: https://forum.nginx.org/read.php?2,270558,270558#msg-270558