SSL/TLS Handshake
https://www.thesslstore.com/blog/explaining-ssl-handshake/
The “Change Cipher Spec” message lets the other party know that it has generated the session key and is going to switch to encrypted communication.
https://www.thesslstore.com/blog/tls-handshake-failed/
https://thesecmaster.com/decoding-tls-v1-2-protocol-handshake-with-wireshark/
After the client receives the server encrypted key. It will respond with the client encrypted key. It also sends change cipher spec. What it means is that it has enough information to start encrypted communication, and it is going to send the data with encryption from now onwards. Till now, the communication was plain text. After this, communication will happen with encryption. After the server receives the change cipher spec message, it expects encrypted data from the client.
https://doc.openresty.com/en/edge/edge-admin/cert/client-cert/
Yes: Force client certificate verification, if there is no client certificate or incorrect client certificate, 400 error code will be returned directly.
$ curl -vik https://<www.example.com>/desktop/home
* Trying 10.40.125.118...
< HTTP/1.1 400 Bad Request
HTTP/1.1 400 Bad Request
< Date: Fri, 17 Mar 2023 10:36:33 GMT
Date: Fri, 17 Mar 2023 10:36:33 GMT
<
<head><title>400 The SSL certificate error</title></head> <body>400 Bad Request
-
Closing connection 0
-
TLSv1.2 (OUT), TLS alert, close notify (256):
浙公网安备 33010602011771号