From 9d78014b9468104781aca1241663a670e5eca8ec Mon Sep 17 00:00:00 2001
From: Bjørn Christian Seime
Date: Wed, 6 Feb 2019 12:28:52 +0100
Subject: Require client auth for ssl engines constructed by DefaultTlsContext
---
 .../src/main/java/com/yahoo/security/tls/DefaultTlsContext.java | 1 +
 1 file changed, 1 insertion(+) (limited to 'security-utils')
diff --git a/security-utils/src/main/java/com/yahoo/security/tls/DefaultTlsContext.java b/security-utils/src/main/java/com/yahoo/security/tls/DefaultTlsContext.java
index 2befd50332a..473e50bc128 100644
--- a/security-utils/src/main/java/com/yahoo/security/tls/DefaultTlsContext.java
+++ b/security-utils/src/main/java/com/yahoo/security/tls/DefaultTlsContext.java
@@ -61,6 +61,7 @@ public class DefaultTlsContext implements TlsContext {
 SSLEngine sslEngine = sslContext.createSSLEngine();
 restrictSetOfEnabledCiphers(sslEngine, acceptedCiphers);
 restrictTlsProtocols(sslEngine);
+ sslEngine.setNeedClientAuth(true);
 return sslEngine;
 }
-- 
cgit v1.2.3
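Review bot: The added `sslEngine.setNeedClientAuth(true);` makes a client certificate mandatory for every engine this method returns, yet nothing in the hunk records that contract and the diffstat shows no test changed alongside it. I would put a comment above the line, e.g. `// Require a client certificate; per the JDK this only takes effect when the engine runs in server mode`, and add a test asserting `getNeedClientAuth()` on the created engine, so a later refactor cannot silently fall back to server-only authentication. A caller that invokes `setWantClientAuth(...)` on the returned engine afterwards overrides this setting, which is worth stating in the method's Javadoc. The method's signature and any existing Javadoc lie outside the hunk, so whether the requirement is already documented cannot be seen here.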