Is it possible to make two-way SSL asynchronous?

Time:09-29


After the client verifies that the server SSL certificate is correct, it can establish a connection successfully and start to publish messages. This process is like one-way SSL.

Then the server would check the client SSL certificate asynchronously. During the checking time, the client could publish messages normally, and the server could process these messages and respond with an ACK. Once the server asynchronously finds something wrong with the client SSL certificate, it would terminate the connection with the client.

Can such a requirement be achieved? If so, how should I do it?

Thanks for your help!

CodePudding user response:

The server can request a client certificate inside the initial TLS handshake but not verify the client certificate inside the handshake, i.e. it is verified outside the TLS handshake. In practice this method is used, for example, to successfully establish a TLS connection only to send a useful error message to the client instead of just closing the connection.

Another method is to have the initial TLS handshake without requesting a client certificate but to request it later by doing a TLS renegotiation (or post-handshake authentication in TLS 1.3, see comment from dave_thompson_085). This is used, for example, to request a client certificate only for specific resources - but in order to know which resource the client requested, application data from the client needs to be read first.
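The first method from the answer, worked through as an added Go example (not code from the original post or from any project): the server sets `tls.RequestClientCert`, so the handshake asks for a client certificate but does not verify it, and once the handshake is complete the server verifies the certificate chain in a goroutine while it is already acknowledging the client's messages, closing the session if the check fails. The throwaway CA, server and client certificates, the names `ca.test`, `server.test`, `client.test` and `rogue-ca.test`, the `issueCert`/`verifyClientChain`/`serveDeferred`/`runScenario` functions and the `net.Pipe` transport are all constructed for this example; the `tls.Config` fields and `crypto/x509` calls are the Go standard library's.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"fmt"
	"math/big"
	"net"
	"time"
)

// issueCert builds a throwaway in-memory PKI (constructed test material only): a self-signed root when parent is nil, otherwise a leaf signed by parent.
func issueCert(cn string, parent *x509.Certificate, parentKey *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey) {
	key, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	serial, _ := rand.Int(rand.Reader, new(big.Int).Lsh(big.NewInt(1), 62))
	tmpl := &x509.Certificate{SerialNumber: serial, Subject: pkix.Name{CommonName: cn}, DNSNames: []string{cn},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour), IsCA: parent == nil,
		KeyUsage: x509.KeyUsageDigitalSignature, BasicConstraintsValid: true,
		ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth, x509.ExtKeyUsageClientAuth}}
	if parent == nil { // self-signed root: sign with its own key and allow certificate signing
		parent, parentKey, tmpl.KeyUsage = tmpl, key, tmpl.KeyUsage|x509.KeyUsageCertSign
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, &key.PublicKey, parentKey)
	if err != nil {
		panic(err)
	}
	cert, _ := x509.ParseCertificate(der)
	return cert, key
}

// verifyClientChain is the check the handshake deliberately skipped: chain the
// presented leaf to the trusted roots and require the clientAuth EKU.
func verifyClientChain(peer []*x509.Certificate, roots *x509.CertPool) error {
	if len(peer) == 0 {
		return errors.New("client presented no certificate")
	}
	_, err := peer[0].Verify(x509.VerifyOptions{Roots: roots, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}})
	return err
}

// serveDeferred finishes a handshake in which the client certificate was requested but not
// verified, verifies it in a goroutine while already serving the client, and closes on failure.
func serveDeferred(conn *tls.Conn, roots *x509.CertPool) error {
	defer conn.Close()
	if err := conn.Handshake(); err != nil {
		return err
	}
	verified := make(chan error, 1)
	go func() {
		err := verifyClientChain(conn.ConnectionState().PeerCertificates, roots)
		if err != nil {
			conn.Close() // terminate the connection once the check fails
		}
		verified <- err
	}()
	buf := make([]byte, 64)
	for _, err := conn.Read(buf); err == nil; _, err = conn.Read(buf) {
		conn.Write([]byte("ACK\n")) // ACK each message while the check may still be running
	}
	return <-verified
}

// runScenario connects a client that publishes right after the handshake, as with one-way TLS.
// It returns whether an ACK came back and the result of the deferred certificate check.
func runScenario(clientTrusted bool) (bool, error) {
	ca, caKey := issueCert("ca.test", nil, nil)
	srvCert, srvKey := issueCert("server.test", ca, caKey)
	issuer, issuerKey := ca, caKey
	if !clientTrusted { // client certificate issued by a root the server does not trust
		issuer, issuerKey = issueCert("rogue-ca.test", nil, nil)
	}
	cliCert, cliKey := issueCert("client.test", issuer, issuerKey)
	roots := x509.NewCertPool()
	roots.AddCert(ca)
	srvRaw, cliRaw := net.Pipe() // in-memory transport; a real server would accept TCP connections
	result := make(chan error, 1)
	go func() {
		result <- serveDeferred(tls.Server(srvRaw, &tls.Config{ClientAuth: tls.RequestClientCert, // request, do not verify
			SessionTicketsDisabled: true, // keeps the synchronous pipe free of post-handshake ticket writes
			Certificates: []tls.Certificate{{Certificate: [][]byte{srvCert.Raw}, PrivateKey: srvKey}}}), roots)
	}()
	client := tls.Client(cliRaw, &tls.Config{RootCAs: roots, ServerName: "server.test",
		Certificates: []tls.Certificate{{Certificate: [][]byte{cliCert.Raw}, PrivateKey: cliKey}}})
	client.Write([]byte("publish\n")) // the first Write runs the handshake, then publishes immediately
	buf := make([]byte, 64)
	n, err := client.Read(buf)
	client.Close()
	return err == nil && string(buf[:n]) == "ACK\n", <-result
}

func main() {
	fmt.Println(runScenario(true))  // true <nil>
	fmt.Println(runScenario(false)) // the deferred check fails and the session is closed
}
```

With a trusted client the ACK arrives and the deferred check returns nil; with a client certificate from an untrusted root the check fails and the server closes the session, whether or not an ACK had already gone out. That last point is the cost of the asynchronous design: every message processed before the check completes came from a peer whose identity was not yet established, so the check only bounds how long that window stays open. A production server would also feed any intermediates the client sends into `x509.VerifyOptions.Intermediates`, which this example leaves out.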
