• Hi,
    When apache server is set with SSLVerifyClient require
    and TLSv1.3 then DAVx5 (download of yesterday) connection throw an error: “SSL_verify_client_post_handshake:extension not received .” This is related to a change in TLSv1.3 doing ‘post-handshake’ operation rather than a ‘renegotiation’

  • developer

    @jose Does TLS 1.3 now support client certificates? The last time I had a look it didn’t, so DAVx⁵ + client certificates can only be used with TLS 1.2 at the moment.

  • @rfc2822 Yes TLSv1.3 support client certificates (can check with openssl s_client) – yes DAVx5 works if the protocol of the server is downgraded to TLSv1.2. However, when the server announce TLSv1.3 it is used by Android and DAVx5 no more works

  • developer

    @jose Ok. Someone would have to check whether this works with current okhttp + Conscrypt versions and then TLS 1.3 could be activated for client certificates again.

Similar topics