diff options
| author | Bjørn Christian Seime <bjorncs@verizonmedia.com> | 2019-02-06 12:28:52 +0100 |
|---|---|---|
| committer | Bjørn Christian Seime <bjorncs@verizonmedia.com> | 2019-02-19 17:00:32 +0100 |
| commit | a96d6d67ca5d0e4d85dba3dcf0e0fe51336373f8 (patch) | |
| tree | 4174db8ce3040617282490be4ff52f33a624788b | |
| parent | a0a9406a7c298ab8be4cf556e1a7b441e1eeffa7 (diff) | |
Require client auth for ssl engines constructed by DefaultTlsContext
| -rw-r--r-- | jrt/src/com/yahoo/jrt/TlsCryptoEngine.java | 1 | ||||
| -rw-r--r-- | security-utils/src/main/java/com/yahoo/security/tls/DefaultTlsContext.java | 1 |
2 files changed, 1 insertions, 1 deletions
diff --git a/jrt/src/com/yahoo/jrt/TlsCryptoEngine.java b/jrt/src/com/yahoo/jrt/TlsCryptoEngine.java index 41302a4c725..84fbb7d4f01 100644 --- a/jrt/src/com/yahoo/jrt/TlsCryptoEngine.java +++ b/jrt/src/com/yahoo/jrt/TlsCryptoEngine.java @@ -22,7 +22,6 @@ public class TlsCryptoEngine implements CryptoEngine { @Override public TlsCryptoSocket createCryptoSocket(SocketChannel channel, boolean isServer) { SSLEngine sslEngine = tlsContext.createSslEngine(); - sslEngine.setNeedClientAuth(true); sslEngine.setUseClientMode(!isServer); return new TlsCryptoSocket(channel, sslEngine); } diff --git a/security-utils/src/main/java/com/yahoo/security/tls/DefaultTlsContext.java b/security-utils/src/main/java/com/yahoo/security/tls/DefaultTlsContext.java index 2befd50332a..473e50bc128 100644 --- a/security-utils/src/main/java/com/yahoo/security/tls/DefaultTlsContext.java +++ b/security-utils/src/main/java/com/yahoo/security/tls/DefaultTlsContext.java @@ -61,6 +61,7 @@ public class DefaultTlsContext implements TlsContext { SSLEngine sslEngine = sslContext.createSSLEngine(); restrictSetOfEnabledCiphers(sslEngine, acceptedCiphers); restrictTlsProtocols(sslEngine); + sslEngine.setNeedClientAuth(true); return sslEngine; } |