On Tue, 20 Feb 2024 10:07:50 GMT, Valentin Brandl <[email protected]> wrote:
> I didn't know this. Is there any way to force the client to use mTLS or fail? None that I know of. But this would only be needed to detect misconfigured servers that don't ask for the client certificate when they are supposed to. If that's what you want to do, you can detect this after the fact by retrieving `HttpResponse#sslSession()` -> `SSLSession#getLocalCertificates()`. ------------- PR Comment: https://git.openjdk.org/jdk/pull/17923#issuecomment-1953954646
