Win2012R2 TLS1.2 Mutual authentication - change cipher specs from server side after no certificate from client?

Question

I am testing a .net based application running on a Win2012r2 server providing a http-based web services and relying on windows's SChannel for implementing tls1.2 mutual authentication against tls1.2 only capable clients.

Mutual authentication has been working so far very nicely (client certificate are properly validated against the list of trusted issuers defined and active on the local computer certificate store).

Yesterday I came across the following scenario that somehow puzzles me: even if the client is presenting a certificate length of 0, the handshake seems to be technically successful and does not result in an Handshake Failure or an Handshake alert:

• (on server side) Server Hello, Certificate, Server Key Exchange, Certificate Request, Server Hello Done;
• (on client side) Certificate, Client Key Exchange, Change Cipher Spec, Encrypted Handshake Message (however the test client is not providing any client certificate - client certificate length of 0 - during the handshake);
• (on server side): change cipher spec, Encrypted Handshake message;

Why is the Server side not terminating the handshake (Handshake failure or alert) after getting no client certificate ?

Could it just be the way that wireshark is interpreting / parsing the handshake process ?

Is this something configurable / tunable at SChannel level or can only be adjusted at application level ?

Answer 1

It is fully valid that the client responds to a certificate request by the server with an empty certificate. It is up to the server how to deal with this case, i.e. if it will treat a client certificate as optional or if the certificate is required.

I'm not familiar with SChannel but with OpenSSL you can set SSL_VERIFY_FAIL_IF_NO_PEER_CERT in SSL_CTX_set_verify if you want to make the server fail if no client certificate is send if you set SSL_VERIFY_PEER only than the client certificate is optional.

SChannel has probably a similar mechanism but it is up to the application to use it. Thus look into the configuration of your HTTP server. In case of IIS this is described in the documentation which says that you can configure client certificates to be ignored, accepted or required by the server.