From f2b9c70ba20f42957f3d1b1bf075fe9505987ab8 Mon Sep 17 00:00:00 2001
From: abhijitherekar
Date: Wed, 29 Jan 2020 13:53:51 -0800
Subject: [PATCH] Change the TLS config to require Certs.
---
 controller/internal/enforcer/applicationproxy/http/http.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/controller/internal/enforcer/applicationproxy/http/http.go b/controller/internal/enforcer/applicationproxy/http/http.go
index c080dbb30..cdef393df 100644
--- a/controller/internal/enforcer/applicationproxy/http/http.go
+++ b/controller/internal/enforcer/applicationproxy/http/http.go
@@ -156,7 +156,7 @@ func (p *Config) newBaseTLSConfig() *tls.Config {
 NextProtos: []string{"h2"},
 PreferServerCipherSuites: true,
 SessionTicketsDisabled: true,
- ClientAuth: tls.VerifyClientCertIfGiven,
+ ClientAuth: tls.RequireAndVerifyClientCert,
 ClientCAs: p.ca,
 CipherSuites: []uint16{
 tls.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
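Review bot: With `ClientAuth: tls.RequireAndVerifyClientCert` the client certificate becomes the admission check at the TLS layer, so the neighbouring `ClientCAs: p.ca` must never be nil. crypto/tls hands that pool to x509 as the verification roots, and a nil pool falls back to the host's system roots, which would admit certificates issued by any CA the host trusts instead of only this deployment's CA. Nothing in the hunk shows p.ca being checked, so I would reject a nil pool before building the config and state the intent next to the field, e.g. `// Mutual TLS is mandatory: peers must present a certificate chaining to p.ca.` Separately, newBaseTLSConfig looks from its name like the shared base for every listener, so any caller that relied on the old `VerifyClientCertIfGiven` behaviour to accept certificate-less clients will now fail them at the handshake; the callers are not visible here and should be confirmed. The function body starts and ends outside the hunk.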