Require client auth for ssl engines constructed by DefaultTlsContext

author: Bjørn Christian Seime <bjorncs@verizonmedia.com> 2019-02-06 12:28:52 +0100
committer: Bjørn Christian Seime <bjorncs@verizonmedia.com> 2019-02-14 14:15:37 +0100
commit: 9d78014b9468104781aca1241663a670e5eca8ec (patch)
tree: 8a0275e36010efa21288561ea2d804b72691531d /security-utils/src
parent: 1033173344e362a54d7c0c20b6fcca90aacc2da3 (diff)
1 files changed, 1 insertions, 0 deletions
diff --git a/security-utils/src/main/java/com/yahoo/security/tls/DefaultTlsContext.java b/security-utils/src/main/java/com/yahoo/security/tls/DefaultTlsContext.java
index 2befd50332a..473e50bc128 100644
--- a/security-utils/src/main/java/com/yahoo/security/tls/DefaultTlsContext.java
+++ b/security-utils/src/main/java/com/yahoo/security/tls/DefaultTlsContext.java
@@ -61,6 +61,7 @@ public class DefaultTlsContext implements TlsContext {
         SSLEngine sslEngine = sslContext.createSSLEngine();
         restrictSetOfEnabledCiphers(sslEngine, acceptedCiphers);
         restrictTlsProtocols(sslEngine);
+        sslEngine.setNeedClientAuth(true);
         return sslEngine;
     }
author	Bjørn Christian Seime <bjorncs@verizonmedia.com>	2019-02-06 12:28:52 +0100
committer	Bjørn Christian Seime <bjorncs@verizonmedia.com>	2019-02-14 14:15:37 +0100
commit	9d78014b9468104781aca1241663a670e5eca8ec (patch)
tree	8a0275e36010efa21288561ea2d804b72691531d /security-utils/src
parent	1033173344e362a54d7c0c20b6fcca90aacc2da3 (diff)