MTLS-SPEC-DETAIL
Reciprocal client/server certificate auth.
Definition
mTLS relies on TLS 1.2+ Client Certificate Request (RFC 5246 §7.4.4). Client sends Certificate message after ServerHelloDone. Authentication pivot in AS2 (RFC 4130), Istio Service Mesh (Citadel), MQTT IoT, OAuth FAPI (RFC 8705 tls_client_auth). Implemented in nginx, HAProxy, Envoy.
Origin
TLS Client Certificate Authentication formalised in TLS 1.0 (RFC 2246, 1999).
Example in context
An AS2 partner receives X.509 client certificate from counterparty — mTLS handshake before signed MIME exchange.
Related terms
- mTLS — parent concept.