RFC 9440 - Client-Cert HTTP Header Field

Status: Informational
Published: July 2023

Abstract

This document describes HTTP extension header fields that allow a TLS terminating reverse proxy (TTRP) to convey the client certificate information of a mutually authenticated TLS connection to the origin server in a common and predictable manner.

Contents

• 1. Introduction
  • 1.1. Requirements Notation and Conventions
  • 1.2. Terminology and Applicability
• 2. HTTP Header Fields and Processing Rules
  • 2.1. Encoding
  • 2.2. Client-Cert HTTP Header Field
  • 2.3. Client-Cert-Chain HTTP Header Field
  • 2.4. Processing Rules
• 3. Deployment Considerations
  • 3.1. Header Field Compression
  • 3.2. Message Header Size
  • 3.3. TLS Session Resumption
• 4. Security Considerations
• 5. IANA Considerations
  • 5.1. HTTP Field Name Registrations
• 6. References
  • 6.1. Normative References
  • 6.2. Informative References
• Appendix A. Example
• Appendix B. Select Design Considerations
  • B.1. Field Injection
  • B.2. The Forwarded HTTP Extension
  • B.3. The Whole Certificate and Certificate Chain