Has anyone given any thought to the use of reactive Client Cert
authentication with HTTP/2?
The HTTP/2 spec says:
"A deployment of HTTP/2 over TLS 1.2 MUST disable renegotiation. An
endpoint MUST treat a TLS renegotiation as a connection error
(Section 5.4.1) of type PROTOCOL_ERROR."
And:
"An endpoint MAY use renegotiation to provide confidentiality
protection for client credentials offered in the handshake, but any
renegotiation MUST occur prior to sending the connection preface. A
server SHOULD request a client certificate if it sees a renegotiation
request immediately after establishing a connection.
This effectively prevents the use of renegotiation in response to a
request for a specific protected resource. A future specification
might provide a way to support this use case. Alternatively, a
server might use an error (Section 5.4) of type HTTP_1_1_REQUIRED to
request the client use a protocol that supports renegotiation."
I tested out the use of the HTTP_1_1_REQUIRED error code, and it
appears that Chrome and Firefox don't support it, which means that at
the moment it does not really seem possible to perform reactive client
cert authentication when HTTP/2 is enabled (the certificate has to be
requested immediately, you can't renegotiate when first hitting a
protected resource).
TLS 1.3 should solve this problem as it allows client certificates to
be requested without a renegotiation, however this will not be part of
JDK8 (and not JDK9 either AFAIK).
I am not sure if there is much we can do about this, but I just
thought I would bring it up to see if anyone else had been thinking
about it.
Stuart
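As an added illustration (not part of Stuart's message or any project code), the following shows how the HTTP_1_1_REQUIRED signal the post tested is encoded on the wire (RST_STREAM and GOAWAY frames per RFC 7540 section 6 and 7), and the check a client would need in order to fall back to HTTP/1.1 and let the server renegotiate for a client certificate. Frame and code constants are from the RFC; the function names are assumptions chosen for this example.

```python
import struct

# Error codes from RFC 7540 section 7 that the post discusses.
PROTOCOL_ERROR = 0x1
HTTP_1_1_REQUIRED = 0xd

# Frame types from RFC 7540 section 6.
FRAME_RST_STREAM = 0x3
FRAME_GOAWAY = 0x7


def build_frame(frame_type, flags, stream_id, payload):
    """Encode one HTTP/2 frame: 24-bit length, type, flags, 31-bit stream id, payload."""
    if len(payload) > 0xFFFFFF:
        raise ValueError("payload exceeds 24-bit frame length")
    header = (struct.pack(">I", len(payload))[1:]          # 3-byte length
              + bytes([frame_type, flags])
              + struct.pack(">I", stream_id & 0x7FFFFFFF))  # reserved bit cleared
    return header + payload


def rst_stream(stream_id, error_code):
    """RST_STREAM: a server rejects one request with a 32-bit error code."""
    return build_frame(FRAME_RST_STREAM, 0, stream_id, struct.pack(">I", error_code))


def goaway(last_stream_id, error_code, debug=b""):
    """GOAWAY on stream 0: last processed stream id, error code, optional debug data."""
    body = struct.pack(">II", last_stream_id & 0x7FFFFFFF, error_code) + debug
    return build_frame(FRAME_GOAWAY, 0, 0, body)


def parse_frame(buf):
    """Decode one frame; returns (type, flags, stream_id, payload, remaining bytes)."""
    if len(buf) < 9:
        raise ValueError("short frame header")
    length = int.from_bytes(buf[0:3], "big")
    frame_type, flags = buf[3], buf[4]
    stream_id = struct.unpack(">I", buf[5:9])[0] & 0x7FFFFFFF
    if len(buf) < 9 + length:
        raise ValueError("truncated frame")
    return frame_type, flags, stream_id, buf[9:9 + length], buf[9 + length:]


def needs_http11_fallback(frame_bytes):
    """Client-side check: does this RST_STREAM or GOAWAY carry HTTP_1_1_REQUIRED?
    A client honouring the signal retries the request over HTTP/1.1, where TLS
    renegotiation (and so a reactive client-cert request) is permitted; a client
    that ignores it, as the post reports for current browsers, just sees a failed request."""
    frame_type, _, _, payload, _ = parse_frame(frame_bytes)
    if frame_type == FRAME_RST_STREAM and len(payload) == 4:
        return struct.unpack(">I", payload)[0] == HTTP_1_1_REQUIRED
    if frame_type == FRAME_GOAWAY and len(payload) >= 8:
        return struct.unpack(">I", payload[4:8])[0] == HTTP_1_1_REQUIRED
    return False
```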