We are trying to set up client cert authentication via YubiKey. Basically, the YubiKey holds the client cert and when plugged in, you can auth to a server.
Apache seems to do this right, as the server responds with an "SSL peer handshake failed" response and allows you to choose a client cert and restart the SSL connection.
Nginx seems to end the connection and return a 400 error, making it impossible to use the YubiKey certificate.
Is there a way to configure Nginx to break the SSL handshake when a client cert is not presented / fails to verify? Has anyone else run into this issue?