No, but authenticating that the identity in the certificate is one that you want to talk to does. Only the application can do this. It is a much under-appreciated and much omitted requirement of systems using SSL.
Does requiring a client certificate effectively eliminate MITM attack?
-
04-07-2022 - |
質問
We have implemented and successfully verified client side certificate checking with an iOS7 app and Apache server. The question is: is this enough to counter a MITM attack or should we also implement some kind of certificate check (like outlined here https://web.archive.org/web/20140217232458/http://www.inmite.eu/en/blog/20120314-how-to-validate-ssl-certificates-iOS-client )
解決
所属していません StackOverflow