Comment by aborsy
I would note that, although obviously the confidentiality in TLS is based on public key cryptography, authentication by mTLS doesn’t reach the cryptography part.
The process starts with a client and server hello. Then the server sends its certificate to the client, and the client sends its certificate to the server. The server verifies that the client’s certificate is signed by a certificate authority in its trust store. That’s the authentication part. The client’s private key is not used.
The confidentiality comes next if authentication is successful.
I asked because X509 certificates are complex and difficult to securely parse. Also mTLS is rarely used.
PostgreSQL uses OpenSSL for TLS: https://www.postgresql.org/docs/devel/install-requirements.h...
> The client’s private key is not used.
This whole section is incorrect. It's called mutual TLS. The client's private key is used to prove to the server it has the private key for the public key it's handing to the server. Just like the server has to prove to the client, it has the private key to the public cert it hands out.
Otherwise there is no authentication going on at all.
See the RFC: https://www.rfc-editor.org/rfc/rfc8446 If you are unfamiliar with RFC's, see Section 4.4 and Appendix E.1, which talk about client auth and the handshake respectively.
> I asked because X509 certificates are complex and difficult to securely parse
Yes, but that's why PG relies on OpenSSL to do that work for them. It's widely deployed, even using client certificates. X.509 is used with client certificates by at least 3.5M active personnel with the US DoD via their Common Access Card, as one widely used example.
> Also mTLS is rarely used.
Mutual TLS or client auth is not often used in the browser context, because the browsers have miserable UX around it. I wish that would change, but I'm one of the very few.
It's regularly used outside of the browser context though. Lots of B2B and Service Oriented Architectures use it.