Hi all,
I'm investigating a way to generally enable SSL with client authentication
between servers ( Yes, there is an CSO and he is the person able to get
every border closed ;) ). Wiki says:
( http://wiki.jboss.org/wiki/Wiki.jsp?page=JMSOverSSL )
-------------%<--------------------
You would need your own SSLServerSocketFactory as JBoss's org.jboss.security.ssl.DomainServerSocketFactory? does not perform or allow this configuration
--------------%<------------------
But hte funny thing is that :
http://fisheye.jboss.com/viewrep/JBoss/jbosssx/src/main/org/jboss/security/ssl/DomainServerSocketFactory.java?r=1.10.4.7
There I can see that atributes ( [needs|wants]ClientAuth ) are there, used and hardwired. And somehow I see no way to configure them externally.
Is it bug? Feature? Is it considered dangerous?
tia,