You are viewing a plain text version of this content. The canonical link for it is here.

Posted to server-dev@james.apache.org by "Karsten Otto (Jira)" <se...@james.apache.org> on 2021/11/16 09:45:00 UTC

[jira] [Created] (JAMES-3672) TLS authentication via client certificate

Karsten Otto created JAMES-3672:
-----------------------------------

             Summary: TLS authentication via client certificate
                 Key: JAMES-3672
                 URL: https://issues.apache.org/jira/browse/JAMES-3672
             Project: James Server
          Issue Type: Improvement
    Affects Versions: master
            Reporter: Karsten Otto


In order to limit access to trusted partners/users only, James should support TLS with certificate-based client authentication.

For this purpose, TLS configuration is extended with the desired authentication mode (none, optional, required), and the associated trust store to validate any received client certificates. Example:

 
{code:java}
<tls socketTLS="true" startTLS="false">
  <keystore>file://conf/keystore</keystore>
  <keystoreType>JKS</keystoreType>
  <secret>yoursecret</secret>

  <clientAuth required="true">
    <truststore>file://conf/truststore</truststore>
    <truststoreType>JKS</truststoreType>
    <truststoreSecret>yoursecret</truststoreSecret>
  </clientAuth>
</tls>{code}
 

 

This is implemented mostly in {{AbstractConfigurableAsyncServer}} and associated Netty infrastructure.

T-Shirt size M.



--
This message was sent by Atlassian Jira
(v8.20.1#820001)

---------------------------------------------------------------------
To unsubscribe, e-mail: server-dev-unsubscribe@james.apache.org
For additional commands, e-mail: server-dev-help@james.apache.org