(mTLS) Can Traefik return a 401 response when client certificate is bad/not provided?

Hi there,

We are using a Docker container instance of Traefik for Mutual TLS Auth.

At present, when a bad certificate is provided, or none is provided at all, we receive a TLS handshake error log in the container, and an ERR_BAD_SSL_CLIENT_AUTH_CERT 200 response.

Does Traefik support the ability to return a 401 response if the certificate provided fails to authenticate?

Thanks,
Brodie

Hello @brodiem0 and thanks for your interest in Traefik,

Unfortunately, this is not possible because the validation of the client certificate is done during the TLS handshake which happens before forwarding the request to the HTTP stack. So, this is why it is not possible to return a 401 in that case.
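The ordering described in this reply, as an added example that is not part of the thread and is not Traefik's code: it uses only Go's standard `crypto/tls` and `net/http/httptest` packages, and `probe` is a hypothetical helper name. A request sent without a client certificate never reaches the HTTP handler when the certificate is required during the handshake, while an optional-certificate policy lets the handler run and answer 401 itself.

```go
package main

import (
	"crypto/tls"
	"crypto/x509"
	"fmt"
	"net/http"
	"net/http/httptest"
	"sync/atomic"
)

// probe starts a throwaway HTTPS server with the given client-auth policy and
// sends one request WITHOUT a client certificate. It returns the HTTP status
// (0 if no HTTP response arrived), how often the handler ran, and the error.
func probe(policy tls.ClientAuthType) (int, int64, error) {
	var calls int64
	h := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		atomic.AddInt64(&calls, 1)
		// HTTP-layer check: only reachable once the TLS handshake has succeeded.
		if len(r.TLS.PeerCertificates) == 0 {
			http.Error(w, "client certificate required", http.StatusUnauthorized)
			return
		}
		w.WriteHeader(http.StatusOK)
	})
	srv := httptest.NewUnstartedServer(h)
	// Empty CA pool: no client certificate could verify; the client sends none anyway.
	srv.TLS = &tls.Config{ClientAuth: policy, ClientCAs: x509.NewCertPool()}
	srv.StartTLS()
	defer srv.Close()

	// srv.Client() trusts the test server's certificate but presents no client cert.
	resp, err := srv.Client().Get(srv.URL)
	if err != nil {
		return 0, atomic.LoadInt64(&calls), err
	}
	defer resp.Body.Close()
	return resp.StatusCode, atomic.LoadInt64(&calls), nil
}

func main() {
	policies := []tls.ClientAuthType{tls.RequireAndVerifyClientCert, tls.VerifyClientCertIfGiven}
	for _, p := range policies {
		status, calls, err := probe(p)
		fmt.Printf("%v: status=%d handlerCalls=%d err=%v\n", p, status, calls, err)
	}
}
```

In the first case the server side logs a TLS handshake error and the client gets a transport error rather than any HTTP status, which matches the behaviour reported in the question.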

Okay understood, thanks Kevin.
