Name is required.
Email address is required.
Invalid email address
Answer is required.
Exceeding max length of 5KB

Enforce sending of TLS client certificate

floyd Dec 03, 2018 11:47AM UTC

When configuring a TLS client certificate in Burp, it is only used when the server requests it in the TLS handshake. However, it would be very helpful if there would be a checkbox, which enforces usage of the TLS client certificate for certain hostnames. There are servers that don't request one in the TLS handshake, but require one to be sent by the client.

Paul Johnston Dec 06, 2018 02:32PM UTC Support Center agent

That sounds like a good idea. It’s difficult to do this with the Java SSL stack, but if implement an alternative stack based on Bouncy Castle, that would be a useful feature.

Post Your public answer

Your name
Your email address