0 Replies Latest reply on May 9, 2006 2:48 PM by ko5tik

    SSL with client authentication & DomainServerSocketFactory

    ko5tik

      Hi all,

      I'm investigating a way to generally enable SSL with client authentication
      between servers ( Yes, there is an CSO and he is the person able to get
      every border closed ;) ). Wiki says:
      ( http://wiki.jboss.org/wiki/Wiki.jsp?page=JMSOverSSL )
      -------------%<--------------------
      You would need your own SSLServerSocketFactory as JBoss's org.jboss.security.ssl.DomainServerSocketFactory? does not perform or allow this configuration
      --------------%<------------------

      But hte funny thing is that :
      http://fisheye.jboss.com/viewrep/JBoss/jbosssx/src/main/org/jboss/security/ssl/DomainServerSocketFactory.java?r=1.10.4.7

      There I can see that atributes ( [needs|wants]ClientAuth ) are there, used and hardwired. And somehow I see no way to configure them externally.

      Is it bug? Feature? Is it considered dangerous?

      tia,