Aaronontheweb
Member

Summary

This PR backports the mutual TLS authentication feature from PR #7851 (merged into dev) to the v1.5 branch.

Changes

  • Add config option (defaults to true for security-by-default)
  • Update to include property
  • Modify client TLS handler to provide certificate only when mutual TLS enabled
  • Modify server TLS handler to require and validate client certificates when enabled
  • Add comprehensive test suite for mutual TLS scenarios
  • Add client certificate for testing different certificate scenarios
  • Update security documentation with mutual TLS guidance

Why Backport?

Customers on the stable v1.5 release require this security feature for production deployments without waiting for the next major release.

Compatibility

  • Maintains backward compatibility when
  • Defaults to secure configuration (mutual TLS enabled)
  • No breaking changes for existing deployments that explicitly disable the feature

Testing

  • All mutual TLS tests included and adapted for v1.5
  • Tests verify both enabled and disabled scenarios
  • Tests confirm backward compatibility

Related to Freshdesk #538

- Add require-mutual-authentication config option (defaults to true)
- Update SslSettings to include RequireMutualAuthentication property
- Modify client TLS handler to provide certificate only when mutual TLS enabled
- Modify server TLS handler to require and validate client certificates when enabled
- Add comprehensive test suite for mutual TLS scenarios
- Add client certificate for testing different certificate scenarios
- Update security documentation with mutual TLS guidance

This is a backport of PR akkadotnet#7851 from the dev branch to v1.5 for customers
requiring this security feature in the stable release.

The ValidateCertificate method doesn't exist in v1.5 branch.
This was added in dev branch as part of the certificate validation
improvements but isn't needed for the core mutual TLS functionality.
@Aaronontheweb Aaronontheweb deleted the feature/v1.5-mutual-tls-enforcement branch October 3, 2025 19:51