[ https://issues.apache.org/jira/browse/JAMES-3672?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Karsten Otto updated JAMES-3672:
--------------------------------
    Description: 
In order to limit access to trusted partners/users only, James should support TLS with certificate-based client authentication.

For this purpose, TLS configuration is extended with the desired authentication mode (none, optional, required), and the associated trust store to validate any received client certificates. Example:
{code:java}
<tls socketTLS="true" startTLS="false">
  <keystore>file://conf/keystore</keystore>
  <keystoreType>JKS</keystoreType>
  <secret>yoursecret</secret>
  <clientAuth required="true">
    <truststore>file://conf/truststore</truststore>
    <truststoreType>JKS</truststoreType>
    <truststoreSecret>yoursecret</truststoreSecret>
  </clientAuth>
</tls>{code}
This is implemented mostly in {{AbstractConfigurableAsyncServer}} and associated Netty infrastructure.

T-Shirt size M.

> TLS authentication via client certificate
> -----------------------------------------
>
>                 Key: JAMES-3672
>                 URL: https://issues.apache.org/jira/browse/JAMES-3672
>             Project: James Server
>          Issue Type: Improvement
>    Affects Versions: master
>            Reporter: Karsten Otto
>            Priority: Major
>
> In order to limit access to trusted partners/users only, James should support
> TLS with certificate-based client authentication.
> For this purpose, TLS configuration is extended with the desired
> authentication mode (none, optional, required), and the associated trust
> store to validate any received client certificates. Example:
> {code:java}
> <tls socketTLS="true" startTLS="false">
>   <keystore>file://conf/keystore</keystore>
>   <keystoreType>JKS</keystoreType>
>   <secret>yoursecret</secret>
>   <clientAuth required="true">
>     <truststore>file://conf/truststore</truststore>
>     <truststoreType>JKS</truststoreType>
>     <truststoreSecret>yoursecret</truststoreSecret>
>   </clientAuth>
> </tls>{code}
> This is implemented mostly in {{AbstractConfigurableAsyncServer}} and
> associated Netty infrastructure.
> T-Shirt size M.

--
This message was sent by Atlassian Jira
(v8.20.1#820001)
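
The three authentication modes named in the description (none, optional, required), shown as an added example on the standard JSSE API; this is not code from the issue or from James. The `ClientAuthMode` enum, the class and method names, and the relative file paths are assumptions, and the store type and placeholder secret follow the issue's example configuration; the keystore and truststore files are assumed to exist.

```java
import javax.net.ssl.*;
import java.io.InputStream;
import java.nio.file.*;
import java.security.KeyStore;
import java.security.cert.X509Certificate;

public class ClientAuthTlsExample {
    enum ClientAuthMode { NONE, OPTIONAL, REQUIRED } // hypothetical, mirrors the issue's three modes

    static KeyStore load(String path, String type, char[] secret) throws Exception {
        KeyStore ks = KeyStore.getInstance(type);
        try (InputStream in = Files.newInputStream(Paths.get(path))) {
            ks.load(in, secret);
        }
        return ks;
    }

    static SSLEngine serverEngine(KeyStore keys, char[] keySecret, KeyStore trust,
                                  ClientAuthMode mode) throws Exception {
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(keys, keySecret);
        // Validate client certificates only against the dedicated truststore,
        // never against the JVM-wide default CA bundle.
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trust);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
        SSLEngine engine = ctx.createSSLEngine();
        engine.setUseClientMode(false);
        switch (mode) {
            case REQUIRED: engine.setNeedClientAuth(true); break; // handshake fails without a trusted cert
            case OPTIONAL: engine.setWantClientAuth(true); break; // cert requested, absence tolerated
            default: break;                                       // NONE: no certificate requested
        }
        return engine;
    }

    // With OPTIONAL the handshake also succeeds without a certificate, so the
    // server must check for one before treating the peer as authenticated.
    static String clientSubjectOrNull(SSLSession session) {
        try {
            X509Certificate cert = (X509Certificate) session.getPeerCertificates()[0];
            return cert.getSubjectX500Principal().getName();
        } catch (SSLPeerUnverifiedException e) {
            return null; // no client certificate was presented
        }
    }

    public static void main(String[] args) throws Exception {
        char[] secret = "yoursecret".toCharArray(); // placeholder from the issue's example
        SSLEngine engine = serverEngine(load("conf/keystore", "JKS", secret), secret,
                load("conf/truststore", "JKS", secret), ClientAuthMode.REQUIRED);
        System.out.println("needClientAuth=" + engine.getNeedClientAuth());
    }
}
```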