[
https://issues.apache.org/jira/browse/JAMES-3672?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Karsten Otto updated JAMES-3672:
--------------------------------
Description:
In order to limit access to trusted partners/users only, James should support
TLS with certificate-based client authentication.
For this purpose, TLS configuration is extended with the desired authentication
mode (none, optional, required), and the associated trust store to validate any
received client certificates. Example:
{code:java}
<tls socketTLS="true" startTLS="false">
<keystore>file://conf/keystore</keystore>
<keystoreType>JKS</keystoreType>
<secret>yoursecret</secret>
<clientAuth required="true">
<truststore>file://conf/truststore</truststore>
<truststoreType>JKS</truststoreType>
<truststoreSecret>yoursecret</truststoreSecret>
</clientAuth>
</tls>{code}
This is implemented mostly in {{AbstractConfigurableAsyncServer}} and
associated Netty infrastructure.
T-Shirt size M.
was:
In order to limit access to trusted partners/users only, James should support
TLS with certificate-based client authentication.
For this purpose, TLS configuration is extended with the desired authentication
mode (none, optional, required), and the associated trust store to validate any
received client certificates. Example:
{code:java}
<tls socketTLS="true" startTLS="false">
<keystore>file://conf/keystore</keystore>
<keystoreType>JKS</keystoreType>
<secret>yoursecret</secret>
<clientAuth required="true">
<truststore>file://conf/truststore</truststore>
<truststoreType>JKS</truststoreType>
<truststoreSecret>yoursecret</truststoreSecret>
</clientAuth>
</tls>{code}
This is implemented mostly in {{AbstractConfigurableAsyncServer}} and
associated Netty infrastructure.
T-Shirt size M.
> TLS authentication via client certificate
> -----------------------------------------
>
> Key: JAMES-3672
> URL: https://issues.apache.org/jira/browse/JAMES-3672
> Project: James Server
> Issue Type: Improvement
> Affects Versions: master
> Reporter: Karsten Otto
> Priority: Major
>
> In order to limit access to trusted partners/users only, James should support
> TLS with certificate-based client authentication.
> For this purpose, TLS configuration is extended with the desired
> authentication mode (none, optional, required), and the associated trust
> store to validate any received client certificates. Example:
> {code:java}
> <tls socketTLS="true" startTLS="false">
> <keystore>file://conf/keystore</keystore>
> <keystoreType>JKS</keystoreType>
> <secret>yoursecret</secret>
> <clientAuth required="true">
> <truststore>file://conf/truststore</truststore>
> <truststoreType>JKS</truststoreType>
> <truststoreSecret>yoursecret</truststoreSecret>
> </clientAuth>
> </tls>{code}
> This is implemented mostly in {{AbstractConfigurableAsyncServer}} and
> associated Netty infrastructure.
> T-Shirt size M.
--
This message was sent by Atlassian Jira
(v8.20.1#820001)
---------------------------------------------------------------------
To unsubscribe, e-mail: server-dev-unsubscr...@james.apache.org
For additional commands, e-mail: server-dev-h...@james.apache.org
