mTLS doesn't work with HTTP/3

Answer these questions to help the Community help you with Security questions.

What is the domain name?
N/A

Have you searched for an answer?
Yes

Please share your search results url:

When you tested your domain, what were the results?

Inconsistency.

Describe the issue you are having:

After a few months of inconsistent results with mTLS, I realized after looking at the above Cloudflare documentation that mTLS doesn’t work with HTTP/3.

Using Chrome on Android, I would get a cert prompt and then it would work until Chrome would end up forgetting a few hours later, and it would not prompt for the cert again, which resulted in my WAF rule blocking the request. The only way to fix this, if I was lucky, was to force stop Chrome and clear the cache.

Once I turned off HTTP/3, I haven’t had any issues since.

What steps have you taken to resolve the issue?

  1. Turn off HTTP/3

My question is: why doesn’t mTLS work with HTTP/3?

1 Like

Did you end up finding the answer to this? I am having the same issue.

Have set up client certificate via main dashboard. Then created access policy in Zero-Trust to allow only if valid certificate detected. Works fine in Home Assistant Android app (I can close and reopen the app). However, it only really works once in Chrome. You are prompted for the cert to authenticate. Then if you close the browser and reopen, you do not get prompted but you are also blocked from connecting. Only clearing the cache, removing and re-adding the cert to force the prompt again lets it work.

Disabled QUIC flag in Chrome and it is working normally. Same behavior in Edge, but I have not disabled HTTP/3 there; not sure if you can.

The only answer I found was to disable HTTP/3. Haven’t had issues since. I also use Home Assistant 🙂 with mTLS.

1 Like
