MTLS-SPEC
Bidirectional TLS client + server.
Definition
mTLS relies on X.509 v3 certificate chains and the TLS 1.2/1.3 handshake CertificateRequest extension (RFC 8446 §4.3.2). Widely used in AS2/AS4 EDI, mTLS service mesh (Istio), critical B2B APIs. Client certificate management (rotation, revocation, HSM) is more complex than server-only TLS.
Origin
TLS 1.0 RFC 2246 (1999) already introduces CertificateRequest ; mTLS popularised with FAPI 2.0 Open Banking.
Example in context
A PEPPOL Access Point B verifies the client certificate of Access Point A during the AS4 mTLS handshake.
Related terms
- X.509 PKI — certificate infrastructure.