Skip to main content
Cryptography

Return to Question

Post Timeline

Became Hot Network Question
Grammar of title
Link
edit approved yesterday
Stan
edit approved yesterday
Stan
  • 111
  • 1
  • 6

Does Must TLS v1.3 server must send intermediate certificate or not during a handshake?

added 251 characters in body
Source Link
ojacomarket
ojacomarket
  • 245
  • 1
  • 7

I have read TLS v1.3 RFC and haven't quite understood - does server certificate chain, that is sent to the client, MUST contain intermediate certificate or it is not a strict requirement (e.g. SHOULD or MAY)? I haven't found a reference for this question in the RFC.

The only info about that in RFC I found is:

The sender's certificate MUST come in the first CertificateEntry in the list. Each following certificate SHOULD directly certify the one immediately preceding it.

But SHOULD is not MUST!

I have read TLS v1.3 RFC and haven't quite understood - does server certificate chain, that is sent to the client, MUST contain intermediate certificate or it is not a strict requirement (e.g. SHOULD or MAY)? I haven't found a reference for this question in the RFC.

I have read TLS v1.3 RFC and haven't quite understood - does server certificate chain, that is sent to the client, MUST contain intermediate certificate or it is not a strict requirement (e.g. SHOULD or MAY)? I haven't found a reference for this question in the RFC.

The only info about that in RFC I found is:

The sender's certificate MUST come in the first CertificateEntry in the list. Each following certificate SHOULD directly certify the one immediately preceding it.

But SHOULD is not MUST!

Source Link
ojacomarket
ojacomarket
  • 245
  • 1
  • 7

Does TLS v1.3 server must send intermediate certificate or not during a handshake?

I have read TLS v1.3 RFC and haven't quite understood - does server certificate chain, that is sent to the client, MUST contain intermediate certificate or it is not a strict requirement (e.g. SHOULD or MAY)? I haven't found a reference for this question in the RFC.