3.11.10. TLS_RequireClientCert Previous topic Parent topic Child topic Next topic

This is an optional flag, which is available only for servers. It specifies whether the server clause requires each client to present a valid client certificate during TLS handshake or not. If the client certificate is not a valid certificate, the TLS handshake fails and the TCP or SCTP connection is disconnected. Certificate validity is determined by the root certificates that are configured for the server clause with TLS_CAFile or TLS_CAPath, and other TLS configuration parameters, such as TLS_ExpectedPeerName and TLS_SubjectAltNameURI.
For compliance with RFC 6614, TLS_RequireClientCert is enabled by default for ServerRADSEC.