I don't think they'd be much help. Even with client certificates, information will still leak via compression, and so an attacker will still be able to get CSRF tokens and then use them then forge requests via the user's own browser.