https://stackoverflow.com/questions/19796771
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
RussianNo, but authenticating that the identity in the certificate is one that you want to talk to does. Only the application can do this. It is a much under-appreciated and much omitted requirement of systems using SSL.
Does requiring a client certificate effectively eliminate MITM attack?
-
04-07-2022 - |
Question
We have implemented and successfully verified client side certificate checking with an iOS7 app and Apache server. The question is: is this enough to counter a MITM attack or should we also implement some kind of certificate check (like outlined here https://web.archive.org/web/20140217232458/http://www.inmite.eu/en/blog/20120314-how-to-validate-ssl-certificates-iOS-client )
Solution
Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow
