kwik icon indicating copy to clipboard operation
kwik copied to clipboard
verified publisher icon ptrd

Feature Request: Add Server-Side Client Certificate Authentication (mTLS) Support

Open hauges opened this issue 5 months ago • 1 comments

Description

Kwik currently supports TLS 1.3 for QUIC connections but does not appear to offer server-side client certificate verification (mTLS).

Proposed Enhancement

Add the ability for the QUIC server to request and verify a client certificate during the TLS 1.3 handshake.

References

https://www.rfc-editor.org/rfc/rfc8446#section-4.3.2 https://www.rfc-editor.org/rfc/rfc8446#section-4.4.2

hauges avatar Aug 13 '25 13:08 hauges

First, you are right: Kwik server does not yet support client authentication. Also, I agree adding this would be a good idea. However, it will be quite some work to include this properly and securely (making a happy path POC won't take too long I guess, but only then the real work starts) and i'm not sure when I can find time to implement this.

Cheers, Peter

ptrd avatar Aug 31 '25 20:08 ptrd