HTTP/2 servers MUST NOT send post-handshake TLS 1.3 CertificateRequest messages. HTTP/2 clients MUST treat such messages as connection errors (see Section 5.4.1 of [RFC 7540]) of type PROTOCOL_ERROR.

[RFC 7540] permitted renegotiation before the HTTP/2 connection preface to provide confidentiality of the client certificate. TLS 1.3 encrypts the client certificate in the initial handshake, so this is no longer necessary. HTTP/2 servers MUST NOT send post-handshake TLS 1.3 CertificateRequest messages before the connection preface.

The above applies even if the client offered the post_handshake_auth TLS extension. This extension is advertised independently of the selected Application-Layer Protocol Negotiation (ALPN) protocol [RFC 7301], so it is not sufficient to resolve the conflict with HTTP/2. HTTP/2 clients that also offer other ALPN protocols, notably HTTP/1.1, in a TLS ClientHello MAY include the post_handshake_auth extension to support those other protocols. This does not indicate support in HTTP/2.
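The client-side decision described above, as an added illustration that is not part of the RFC text: it parses a decrypted TLS 1.3 handshake message header and, when the negotiated ALPN protocol is h2, maps a post-handshake CertificateRequest to an HTTP/2 PROTOCOL_ERROR regardless of whether post_handshake_auth was offered. It assumes the caller already has the plaintext handshake bytes and the negotiated ALPN string; the sample messages are constructed inline.

```python
# Added example; not code from RFC 8740 or any TLS library.
# Models an HTTP/2 client's handling of TLS 1.3 post-handshake messages.

HANDSHAKE_NEW_SESSION_TICKET = 4     # TLS 1.3 HandshakeType values (RFC 8446)
HANDSHAKE_CERTIFICATE_REQUEST = 13
HANDSHAKE_KEY_UPDATE = 24
H2_PROTOCOL_ERROR = 0x1              # HTTP/2 error code (RFC 7540, Section 7)


def build_handshake_message(msg_type: int, body: bytes) -> bytes:
    """Encode one TLS handshake message: 1-byte type || 24-bit length || body."""
    return bytes([msg_type]) + len(body).to_bytes(3, "big") + body


def parse_handshake_header(msg: bytes):
    """Return (handshake_type, body); raise on a truncated message."""
    if len(msg) < 4:
        raise ValueError("truncated handshake header")
    msg_type = msg[0]
    length = int.from_bytes(msg[1:4], "big")
    body = msg[4:4 + length]
    if len(body) != length:
        raise ValueError("truncated handshake body")
    return msg_type, body


def handle_post_handshake_message(alpn: str, msg: bytes, offered_post_handshake_auth: bool):
    """Decide what a client does with a handshake message received after the
    TLS 1.3 handshake completed, given the ALPN protocol that was selected.

    Returns one of:
      ("connection_error", H2_PROTOCOL_ERROR)  - HTTP/2: CertificateRequest is forbidden
      ("accept", msg_type)                     - message is processed normally
      ("tls_alert", "unexpected_message")      - non-h2 client never offered post_handshake_auth
    Note that offered_post_handshake_auth does not change the outcome for h2."""
    msg_type, _body = parse_handshake_header(msg)
    if msg_type == HANDSHAKE_CERTIFICATE_REQUEST:
        if alpn == "h2":
            return ("connection_error", H2_PROTOCOL_ERROR)
        if offered_post_handshake_auth:
            return ("accept", msg_type)
        # RFC 8446, Section 4.6.2: without the extension the request is a fatal TLS error.
        return ("tls_alert", "unexpected_message")
    # NewSessionTicket, KeyUpdate, etc. are unaffected by this rule.
    return ("accept", msg_type)


# Constructed sample: a minimal CertificateRequest (empty context, empty extensions).
SAMPLE_CERT_REQUEST = build_handshake_message(HANDSHAKE_CERTIFICATE_REQUEST, b"\x00\x00\x00")
```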