Galder Zamarreño updated ISPN-4316:
-----------------------------------
Status: Resolved (was: Pull Request Sent)
Fix Version/s: 7.0.0.Alpha5
Resolution: Done
The client is tried for "SSL Peer Authentication" even
though encryption's require-ssl-client-auth is set to false
------------------------------------------------------------------------------------------------------------------
Key: ISPN-4316
URL: https://issues.jboss.org/browse/ISPN-4316
Project: Infinispan
Issue Type: Bug
Components: Security, Server
Affects Versions: 7.0.0.Alpha4
Reporter: Vijay Bhaskar Chintalapati
Assignee: Tristan Tarrant
Fix For: 7.0.0.Alpha5
Consider the scenario:
- The client enables authentication through ConfigurationBuilder (i.e.
cb.security().authentication())
- The server's SSL configuration doesn't require client authentication (i.e.
require-ssl-client-auth="false") and, in addition, the security-realm's
<authentication .../> doesn't include a <truststore .../>
In such a scenario the client is unable to authenticate, as the following exception is
thrown in the server-side logs:
javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated
One-sided communication encryption (with the client storing the server's certificate in its
trust store) should be supported, particularly when the client wants to authenticate via
credentials.