Someone can correct me if I am wrong but this probably happens with a self
signed certificate. They are anonymous by nature because no certificate
authority will certify it.
Sent from my iPad
On May 24, 2013, at 8:52 AM, "Rajiv Kasera" <rajiv.kas...@pinelabs.com> wrote:
> Hi,
>
> I am using SSLFilter for enabling SSL on my mina server. On Vulnerability
> assessment the report indicated “SSL Server Allows Anonymous Authentication
> Vulnerability”. Can someone suggest on what configuration changes can prevent
> this vulnerability.
>
> Below is the code snippet for enabling sslfilter:
>
> SslFilter sslFilter = new SslFilter(new
> SSLContextGenerator().getSslContext());
> sslFilter.setUseClientMode(false);
> sslFilter.setEnabledCipherSuites(strCiphers);
> chain.addLast("sslFilter", sslFilter);
>
> I tried sslFilter.setNeedClientAuth(true) but it does not work.
>
> Thanks,
> Rajiv
