CLIENT AUTHENTICATION

Client Authentication is used in the server: If the server is using a client certificate, you need to send the client certificate during the authentication process.

• Client Certificate File: Client certificates are digital certificates used to identify a client to a respective user, which means authenticating the client to the server. Client certificates are utilized for the validation of a user’s identity to the server. It is basically a file, protected with a password and loaded onto a client application. Cavisson support the following file extensions for client certificate .pem,.cer,.crt,.p7b,.p7r,.p12,.pfx.
  
  Your certificate would typically contain information like a digital signature, expiration date, name of the client, name of CA certificate (Certificate Authority), SSL/TLS version number, serial number, etc.
  
  You can also upload the new certificate by clicking on the upload button.
• Use Separate Key File: It is an automatically-created key that is generated with the certificate signing request (CSR) and goes into the certificate. To use the separate key file, enable this checkbox.
  You can either select from the existing certificate or upload the new key by clicking on the upload button.

ADVANCED SETTINGS

SSL Version

All versions include SSLV3, TLS 1.0, TLS 1.1, TLS 1.2, and TLS 1.3. The server may select any one of these versions. HTTP/3 protocol will use the TLS 1.3 version only. TLS 1.3 is not supported for Ubuntu 16 and RHEL Operating systems.

SSL Sessions Reuse

If your application needs many SSL/TLS connections to the same server within a short time, the SSL/TLS protocol allows you to reuse a previous SSL/TLS session. You can give the percentage of sessions which will reuse the ssl connection. By default, we will use 100% of sessions.

Set TLS SNI (Server Name Indication) extension in the ClientHello message

This option allows a server to present multiple certificates on the same IP address and TCP Port number, hence allowing multiple secure websites to be served by the same IP address. SNI is used at the time of handshake.

SSL Renegotiation

On an SSL connection, a renegotiation can occur to request for new cipher suites or key materials. To renegotiate :

• A Client will send a ClientHello over its existing SSL connection
• A Server will send a HelloRequest and expects a Client to renegotiate with a ClientHello quickly.