3

Basically what the above says, assuming the eavesdropper must be completely passive, and cannot connect to the server to check if the server requires a client certificate.

Nathan Ringo
  • 207
  • 1
  • 6

2 Answers2

7

Yes, the client certificate is sent in the clear if the server sent a certificate request.

Some servers (IIRC, Microsoft IIS) first perform handshake with no user authentication and then start a renegotiation asking for client certificate. The renegotiation is thus encrypted using the cipher suite negotiated in step 1 and the client certificate is encrypted on the wire.

If in doubt, use wireshark.

Z.T.
  • 7,963
  • 1
  • 22
  • 36
4

TLS handshake protocol in brief:

enter image description here

All the exchange you see before the step 9 (including the certificate exchange) is vulnerable because only after it the channel is secured.

P.S. You may be interested in reading this.