Objective
Normal SSL/TLS applications send the client certificate in plaintext when the client authenticates, which is a privacy issue.
There is now a solution called EncryptedClientAuthentication:
How to do it
- do the initial handshake without client auth
