Posted to dev@qpid.apache.org by "Keith Wall (Jira)" <ji...@apache.org> on 2020/04/29 10:43:00 UTC

[jira] [Created] (DISPATCH-1635) Allow listener to specify an optional request for TLS client auth

Keith Wall created DISPATCH-1635:
------------------------------------

             Summary: Allow listener to specify an optional request for TLS client auth
                 Key: DISPATCH-1635
                 URL: https://issues.apache.org/jira/browse/DISPATCH-1635
             Project: Qpid Dispatch
          Issue Type: Improvement
            Reporter: Keith Wall


Dispatch Router currently allows the user to configure a *mandatory requirement* that TLS client authentication must be used for connections to a TLS port.

For some use-cases it is desirable for some clients to use TLS client-auth and some clients to authenticate via other means. In Java parlance this mode of operation is described as [Wanting|https://docs.oracle.com/en/java/javase/11/docs/api/java.base/javax/net/ssl/SSLServerSocket.html#setWantClientAuth(boolean)] TLS client auth rather than [Needing|https://docs.oracle.com/en/java/javase/11/docs/api/java.base/javax/net/ssl/SSLServerSocket.html#setNeedClientAuth(boolean)].

It would be convenient if the configuration of TLS client auth in Dispatch Router permitted the Want semantics.

Currently, to achieve this with Dispatch Router, you need to configure two TLS listeners, one with authenticatePeer: yes set and the other not.


