Hi, I develop my http server with polarssl , version is 1.3.9! And I encount one problem, http server begin the renegotiation , then I expect client will send client’s cert to server, in order to verify client’s id, but if the client is IE 11, and the tls procotol version is 1.2, client never send client’s cert to the server , but work fine if tls version is 1.0 or 1.1.
how can I solve this problem?
Hi @hanghung
note that LTS branch 1.3 has been declared End Of Life almost a year ago, and is not supported anymore.
Version 1.3.9 is not even the latest version of this branch.
there have been many fixes, including security fixes which is very recommended you update your version to one of the supported branches.
I suggest you read the following article to assist you:
usually, in a server \ browser use case, the authentication is usually done in one side, where the browser authenticates the server. There is no need for a client certificate. Does the server request for a client certificate in your use case?
Please upgrade your Mbed TLS version, and check if issue continues.
Regards,
Mbed TLS Team member
Ron