Revision history [back]

Hi.

I'm debugging an issue with a SSL client certificate authentication (RFC5246) that always fails with HTTP 400. In wireshark on client side I can see a [RST,ACK] (Reset connection) after encrypted handshake message. On a working connection both server and client are sending a [FIN,ACK]. Eventhough on the failing session using curl --trace I can see that the client starts sending content after the handshakes as usual, nothing to see about that Reset, then receiving the HTTP 400.

What could that be? I like to confirm that both handshakes for server certificate and client certificate are successful and the issue is based on the payload.

Hi.

I'm debugging an issue with a SSL client certificate authentication (RFC5246) that always fails with HTTP 400. In wireshark on client side I can see a [RST,ACK] (Reset connection) after encrypted handshake message. On a working connection both server and client are sending a [FIN,ACK]. Eventhough on the failing session using curl --trace I can see that the client starts sending content after the handshakes as usual, nothing to see about that Reset, then receiving the HTTP 400.

What could that be? I like to confirm that both handshakes for server certificate and client certificate are successful and the issue is based on the payload.

From client: Certificate, Client Key Exchange, Certificate Verify, Change Cipher Spec, Encrypted Handshake Message
From server: Change Cipher Spec, Encrypted Handshake Message
Application data... Application data...
From server: Encrypted Alert
From client: Encrypted Alert
From server: [FIN, ACK]
From client: [RST, ACK]      <- There the client sends a reset.
From server: [RST]