Uploaded image for project: 'Bitbucket Server'
  1. Bitbucket Server
  2. BSERV-12455

SSL documentation should clarify that server.ssl.client-auth is an optional setting

    XMLWordPrintable

    Details

    • UIS:
      11
    • Feedback Policy:
      We collect Bitbucket feedback from various sources, and we evaluate what we've collected when planning our product roadmap. To understand how this piece of feedback will be reviewed, see our Implementation of New Features Policy.

      Description

      Problem Definition

      In the document Securing Bitbucket Server with Tomcat using SSL, section Configure HTTPS in bitbucket.properties, subsection 1a, after the example provided there is an expandable section "What these properties do...".
      Expanding the section shows a reference table in which the property server.ssl.client-auth is mentioned. The explanation provided for this property does not mention that it is optional, making our customers believe that this setting is in fact mandatory.

      Suggested Solution

      The explanation provided should clarify that this setting is optional, and should only be used in very specific business cases where client authentication is required, and that not specifying that setting at all would set the default value of "false" instead of "need" or "want".

      Workaround

      There are no known workarounds at this moment.

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              chaiss@atlassian.com Christine Haiss
              Reporter:
              fkraemer Felipe Kraemer
              Votes:
              3 Vote for this issue
              Watchers:
              4 Start watching this issue

                Dates

                Created:
                Updated: