Getting 413 errors on IIS with concurrent sessions using the same HTTPS client certificate

Question

I have the following problem.

I am hosting a WCF application on IIS 8 which accepts only HTTPS requests with client certificates. This service accep

Answer 1

Just a guess:

If client renegotiation is requested, the request entity body must be preloaded using SSL preload. SSL preload will use the value of the UploadReadAheadSize metabase property, which is used for ISAPI extensions. However, if UploadReadAheadSize is smaller than the content length, an HTTP 413 error is returned, and the connection is closed to prevent deadlock. (Deadlock occurs because a client is waiting to complete sending a request entity, while the server is waiting for renegotiation to complete, but renegotiation requires that the client to be able to send data, which it cannot do).

(From the article Client cannot renegotiate request and returns an HTTP 413 error (IIS 6.0).)

Client renegotiation occurs when SSLAlwaysNegoClientCert is not set, so use OpenSSL to check if it is enabled (see this question). I have not used IIS 8, but on IIS 7.5, both ways of enabling SSLAlwaysNegoClientCert from the question you linked work for me.