Archived Forum Post


Question:

Does Chilkat support Two-Way TLS?

Oct 24 '12 at 12:40

Is two-way TLS supported by Chilkat?


Answer

Two-way TLS is another name for "client certificates".

Yes, all Chilkat classes/objects that support TLS (POP3, SMTP, FTP, HTTP, IMAP, etc.) also provide the ability to provide client certificates.

Here is an explanation of client-side certificates from https://www.owasp.org/index.php/Transport_Layer_Protection_Cheat_Sheet

Client side certificates can be used with TLS to prove the identity of the client to the server. Referred to as "two-way TLS", this configuration requires the client to provide their certificate to the server, in addition to the server providing theirs to the client. If client certificates are used, ensure that the same validation of the client certificate is performed by the server, as indicated for the validation of server certificates above. In addition, the server should be configured to drop the TLS connection if the client certificate cannot be verified or is not provided.

The use of client side certificates is relatively rare currently due to the complexities of certificate generation, safe distribution, client side configuration, certificate revocation and reissuance, and the fact that clients can only authenticate on machines where their client side certificate is installed. Such certificates are typically used for very high value connections that have small user populations.
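
The server-side requirement in the quoted cheat sheet text (drop the connection when the client certificate is missing or cannot be verified), shown as an added example with Python's standard ssl module. It is not Chilkat code and not part of the original post; the helper names server_context and audit_two_way_tls and the file-path parameters are assumptions made for illustration.

```python
import ssl

# Hypothetical helpers for illustration; not part of Chilkat or the original post.
MODES = {
    "none": ssl.CERT_NONE,          # never asks the client for a certificate
    "optional": ssl.CERT_OPTIONAL,  # asks, but accepts clients that send none
    "required": ssl.CERT_REQUIRED,  # aborts the handshake without a valid one
}

def server_context(client_certs="required", ca_file=None,
                   cert_file=None, key_file=None):
    """Build a TLS server context with the given client-certificate policy."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    if cert_file:   # the server's own certificate and private key
        ctx.load_cert_chain(cert_file, key_file)
    if ca_file:     # CA(s) trusted to issue client certificates
        ctx.load_verify_locations(cafile=ca_file)
    ctx.verify_mode = MODES[client_certs]
    return ctx

def audit_two_way_tls(ctx):
    """Return the reasons a server context does not enforce two-way TLS."""
    findings = []
    if ctx.verify_mode == ssl.CERT_NONE:
        findings.append("client certificate is never requested")
    elif ctx.verify_mode == ssl.CERT_OPTIONAL:
        findings.append("handshake succeeds when the client sends no certificate")
    # Without a trust anchor no client certificate can be verified at all.
    if ctx.cert_store_stats()["x509_ca"] == 0:
        findings.append("no CA loaded to verify client certificates")
    return findings

if __name__ == "__main__":
    # No certificate files are loaded here, so every policy also reports
    # the missing client CA; pass ca_file=... in a real deployment.
    for policy in ("none", "optional", "required"):
        print(policy, "->", audit_two_way_tls(server_context(policy)))
```
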