Hi,
Just clarifying on the previous comment. From the release notes I've seen in the bionic package, I understand this fix does:
> - debian/patches/tlsv1.3-support-3.patch: fail with 403 if
> SSL_verify_client_post_handshake fails in
> modules/ssl/ssl_engine_kernel.c.
However, when authentication is optional (SSLVerifyClient optional) and no client authentication is provided, it MUST NOT count as a failure and request processing should continue...
Cheers,
Vlad