Require client auth for ssl engines constructed by DefaultTlsContext

author: Bjørn Christian Seime <bjorncs@verizonmedia.com> 2019-02-06 12:28:52 +0100
committer: Bjørn Christian Seime <bjorncs@verizonmedia.com> 2019-02-19 17:00:32 +0100
commit: a96d6d67ca5d0e4d85dba3dcf0e0fe51336373f8 (patch)
tree: 4174db8ce3040617282490be4ff52f33a624788b /security-utils
parent: a0a9406a7c298ab8be4cf556e1a7b441e1eeffa7 (diff)
1 files changed, 1 insertions, 0 deletions
diff --git a/security-utils/src/main/java/com/yahoo/security/tls/DefaultTlsContext.java b/security-utils/src/main/java/com/yahoo/security/tls/DefaultTlsContext.java
index 2befd50332a..473e50bc128 100644
--- a/security-utils/src/main/java/com/yahoo/security/tls/DefaultTlsContext.java
+++ b/security-utils/src/main/java/com/yahoo/security/tls/DefaultTlsContext.java
@@ -61,6 +61,7 @@ public class DefaultTlsContext implements TlsContext {
         SSLEngine sslEngine = sslContext.createSSLEngine();
         restrictSetOfEnabledCiphers(sslEngine, acceptedCiphers);
         restrictTlsProtocols(sslEngine);
+        sslEngine.setNeedClientAuth(true);
         return sslEngine;
     }
author	Bjørn Christian Seime <bjorncs@verizonmedia.com>	2019-02-06 12:28:52 +0100
committer	Bjørn Christian Seime <bjorncs@verizonmedia.com>	2019-02-19 17:00:32 +0100
commit	a96d6d67ca5d0e4d85dba3dcf0e0fe51336373f8 (patch)
tree	4174db8ce3040617282490be4ff52f33a624788b /security-utils
parent	a0a9406a7c298ab8be4cf556e1a7b441e1eeffa7 (diff)