
My company developed a .NET-based application (relying on SChannel) aimed at performing TLS 1.2 mutual authentication between two instances of the same SW, one acting as client and the other one as server in the TLS 1.2 mutual authentication session.

Both client and server SW instances were deployed on different Windows OS servers (2008R2 and 2012R2).

We have successfully tested the application on a Windows Server 2008 R2 OS (both "client" and "server" SW instances running on Win 2008 R2); in that case, the server provides, within the initial "Server Hello" message of the TLS 1.2 handshake under the "Certificate Request" section, a list of "Distinguished Names" which matches the content of the Trusted Root CA certificate store (Local Computer) on that same server, as per the TLS 1.2 RFC.

However, when running the same application (using the same set of certs) on a Win 2012 R2 OS environment, during the Server Hello message the Certificate Request part keeps returning an empty DN list (that is, 0 certificates listed), even though the same set of Trusted Root CAs is available in the Trusted Root CA store (Local Computer).

When the SW acts as client in the TLS 1.2 handshake, running on either 2008 R2 or 2012 R2, the SW is able to successfully use a client-authentication certificate made available / installed under Local Computer -> Personal -> Certificates.

I was not involved in the code development of the program's cryptographic feature, but I have the feeling that I might just be missing some additional settings introduced at OS level when moving from 2008 R2 to 2012 R2, rather than having a SW issue; hence I was wondering if anyone could suggest possible OS settings that might need to be adapted.

Thank you

Ottootto

0 Answers
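The probe below is an added example, not the original poster's code and independent of SChannel or .NET: a minimal TLS 1.2 client that sends a ClientHello, reads the server's plaintext first flight and decodes the certificate_authorities list of the CertificateRequest message (in TLS 1.2 that is a separate handshake message following ServerHello in the same flight, not a field inside ServerHello). It tells apart the three cases that matter for the question above: the server sends no CertificateRequest at all (client authentication not requested), it sends one with an empty DN list (the 2012 R2 symptom described), or it sends one carrying issuer names. Assumptions: the cipher suite list is a guess at suites the target accepts, the server negotiates TLS 1.2 with a plaintext first flight (a TLS 1.3-only server answers with an alert, which the code reports), the DER name decoder knows only a handful of common attribute OIDs, and the host names and ports in the usage note are placeholders.

```python
import os
import socket
import struct

TLS12, HS_CLIENT_HELLO, HS_CERTIFICATE_REQUEST, HS_SERVER_HELLO_DONE = b"\x03\x03", 1, 13, 14
CIPHER_SUITES = [0xC02F, 0xC030, 0xC027, 0xC028, 0x009C, 0x009D, 0x002F, 0x0035]  # assumption: common suites
OID_NAMES = {"550403": "CN", "550406": "C", "550407": "L", "550408": "ST", "55040a": "O", "55040b": "OU",
             "0992268993f22c640119": "DC", "2a864886f70d010901": "emailAddress"}  # DER OID hex -> name

def _ext(ext_type, data):
    return struct.pack("!HH", ext_type, len(data)) + data

def build_client_hello(server_name=None):
    """TLS 1.2-only ClientHello (no supported_versions): the server's first flight stays in plaintext."""
    suites = b"".join(struct.pack("!H", s) for s in CIPHER_SUITES)
    body = TLS12 + os.urandom(32) + b"\x00"                        # version, random, empty session id
    body += struct.pack("!H", len(suites)) + suites + b"\x01\x00"  # cipher suites, null compression
    exts = b""
    if server_name:                                                # SNI; leave unset for IP literals
        name = server_name.encode()
        exts += _ext(0, struct.pack("!HBH", len(name) + 3, 0, len(name)) + name)
    exts += _ext(10, b"\x00\x04\x00\x17\x00\x18")                  # supported_groups: P-256, P-384
    exts += _ext(11, b"\x01\x00")                                  # ec_point_formats: uncompressed
    exts += _ext(13, b"\x00\x08\x04\x01\x05\x01\x02\x01\x04\x03")  # signature_algorithms
    body += struct.pack("!H", len(exts)) + exts
    hs = bytes([HS_CLIENT_HELLO]) + len(body).to_bytes(3, "big") + body
    return b"\x16" + TLS12 + struct.pack("!H", len(hs)) + hs

def iter_handshake_messages(records):
    """Split raw TLS records into (handshake_type, body) pairs; a message may span several records."""
    hs, pos = b"", 0
    while pos + 5 <= len(records):
        ctype, length = records[pos], struct.unpack("!H", records[pos + 3:pos + 5])[0]
        frag = records[pos + 5:pos + 5 + length]
        pos += 5 + length
        if ctype == 21:                                            # alert: the server rejected our hello
            raise RuntimeError("TLS alert " + frag[:2].hex())
        if ctype == 22:
            hs += frag
    out, i = [], 0
    while i + 4 <= len(hs):
        mtype, mlen = hs[i], int.from_bytes(hs[i + 1:i + 4], "big")
        out.append((mtype, hs[i + 4:i + 4 + mlen]))
        i += 4 + mlen
    return out

def parse_certificate_request(body):
    """Return the DER DistinguishedNames of a TLS 1.2 CertificateRequest body (RFC 5246, 7.4.4)."""
    i = 1 + body[0]                                                # skip certificate_types
    i += 2 + struct.unpack("!H", body[i:i + 2])[0]                 # skip supported_signature_algorithms
    total = struct.unpack("!H", body[i:i + 2])[0]
    i, end, names = i + 2, i + 2 + total, []
    while i < end:
        n = struct.unpack("!H", body[i:i + 2])[0]
        names.append(body[i + 2:i + 2 + n])
        i += 2 + n
    return names

def _tlv(buf, i):                                                  # one DER TLV -> (tag, value, next offset)
    tag, length, i = buf[i], buf[i + 1], i + 2
    if length & 0x80:                                              # long-form length
        n = length & 0x7F
        length, i = int.from_bytes(buf[i:i + n], "big"), i + n
    return tag, buf[i:i + length], i + length

def der_name_to_str(der):
    """Render an X.501 Name (SEQUENCE OF SET OF AttributeTypeAndValue) as 'C=.., O=.., CN=..'."""
    _, rdns, _ = _tlv(der, 0)
    parts, i = [], 0
    while i < len(rdns):
        _, rdn_set, i = _tlv(rdns, i)
        j = 0
        while j < len(rdn_set):
            _, atv, j = _tlv(rdn_set, j)
            _, oid, k = _tlv(atv, 0)
            vtag, val, _ = _tlv(atv, k)
            text = val.decode("utf-16-be") if vtag == 0x1E else val.decode("utf-8", "replace")
            parts.append("%s=%s" % (OID_NAMES.get(oid.hex(), oid.hex()), text))
    return ", ".join(parts)

def describe_certificate_request(records):
    # Outcomes: no CertificateRequest at all; one with an empty DN list (the 2012 R2 symptom); or names.
    for mtype, body in iter_handshake_messages(records):
        if mtype == HS_CERTIFICATE_REQUEST:
            names = [der_name_to_str(n) for n in parse_certificate_request(body)]
            return {"requested": True, "ca_names": names}
    return {"requested": False, "ca_names": []}

def probe(host, port=443, server_name=None):
    """Send the ClientHello and collect the server's flight up to ServerHelloDone, then decode it."""
    with socket.create_connection((host, port), timeout=5) as s:
        s.sendall(build_client_hello(server_name))
        buf = b""
        while HS_SERVER_HELLO_DONE not in [t for t, _ in iter_handshake_messages(buf)]:
            chunk = s.recv(16384)
            if not chunk:
                raise RuntimeError("connection closed before ServerHelloDone")
            buf += chunk
    return describe_certificate_request(buf)
```

From a Python prompt, `probe("10.0.0.5", 8443)` against the listening instance (add `server_name="server.example.com"` when the peer expects SNI) returns `{'requested': True, 'ca_names': []}` for the 2012 R2 behaviour described in the question, a populated `ca_names` for the 2008 R2 behaviour, and `requested: False` when the server never asks for a client certificate, which is a different problem from an empty list. On Windows the issuer list SChannel advertises is governed by the SendTrustedIssuerList DWORD under HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL, whose default changed between 2008 R2 and 2012 R2, so the probe is a quick way to confirm that a change to that value has taken effect without capturing packets.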