0003267: UA https transport should require client certificate

ID	Project	Category	View Status	Date Submitted	Last Update

0003267	Feature Requests	Feature Request	public	2016-01-12 13:01	2021-12-21 17:53

Reporter	Bernd Edlinger	Assigned To	Jim Luth
Priority	normal	Severity	minor	Reproducibility	always
Status	closed	Resolution	no change required

Summary	0003267: UA https transport should require client certificate
Description	Currently, the UA https client does not need to have a certificate. Only the UA https server needs to have a certificate & private key. However I think that configuration is mostly good for browsers and web servers, but it does not protect the UA server against unauthorized accesses at all. It should not be possible to open an encrypted communication channel unless both parties authenticate each other first, requiring both to prove they have a certificate & private key pair.
Tags	No tags attached.

Commit Version
Fix Due Date

Date Modified	Username	Field	Change
2016-01-12 13:01	Bernd Edlinger	New Issue
2021-04-14 17:42	Jim Luth	Project	UA => Feature Requests
2021-12-21 17:52	Jim Luth	Note Added: 0015600
2021-12-21 17:53	Jim Luth	Assigned To	=> Jim Luth
2021-12-21 17:53	Jim Luth	Status	new => closed
2021-12-21 17:53	Jim Luth	Resolution	open => no change required
2021-12-21 17:53	Jim Luth	Note Added: 0015601

Jim Luth 2021-12-21 17:52 administrator ~0015600	Create Session / Activate session allows the mutual authentication. There is no need to mandate this at the transport level.

Jim Luth 2021-12-21 17:53 administrator ~0015601	Agreed to no change required.