RFC Errata
RFC 8446, "The Transport Layer Security (TLS) Protocol Version 1.3", August 2018
Source of RFC: tls (sec)
Errata ID: 6401
Status: Held for Document Update
Type: Technical
Publication Format(s): TEXT
Reported By: Eric Covener
Date Reported: 2021-01-20
Held for Document Update by: Paul Wouters
Date Held: 2024-03-29
Section 4.6.2 says:
When the client has sent the "post_handshake_auth" extension (see Section 4.2.6), a server MAY request client authentication at any time after the handshake has completed by sending a CertificateRequest message.
It should say:
When the client has sent the "post_handshake_auth" extension (see Section 4.2.6), a server MAY request client authentication during the main handshake and/or at any time after the handshake has completed by sending a CertificateRequest message.
Notes:
4.6.2 is ambiguous as to whether it forbids "main handshake" (mid-handshake) client
authentication when the client has sent the "post_handshake_auth" extension. I think
the language would be stronger if it were really forbidden, and openssl s_server permits
this behavior and RFC 8740 implies it as well.
The "main handshake" language is adopted from 4.3.2 but "main" could be dropped as
"handshake" is not ambiguous in 1.3 due to no renegotiation.