💾 Archived View for station.martinrue.com › clseibold › 0f5a67d0d6724317b0151c587979b305 captured on 2024-07-09 at 01:38:20. Gemini links have been rewritten to link to archived content

View Raw

More Information

⬅️ Previous capture (2024-06-16)

➡️ Next capture (2024-08-18)

🚧 View Differences

-=-=-=-=-=-=-

👽 clseibold

I always found it wierd that client certs were sent in the clear in TLS 1.2, but according to what I seen on Stack Overflow, the fact that TLS 1.2 does this isn't actually so bad because clients still have to prove they own the cert by signing some data unique to the session. Does anyone else know more about this and can verify if this information is accurate?

9 months ago

Actions

👋 Join Station

1 Reply

👽 clseibold

Now that I think about it, it is still a privacy issue, just not a security one, I suppose. · 9 months ago