Tuesday, August 22, 2023

mTLS: When certificate authentication is done wrong

https://github.blog/2023-08-17-mtls-when-certificate-authentication-is-done-wrong/

In 2023 I spent some time researching x509 certificate authentication, which resulted in a number of vulnerabilities in open source projects. The details are in the article I wrote at GitHub.