vrk-kpa / xroad-joint-development

Unmaintained repository. Development moved to: https://github.com/nordic-institute/X-Road-development

As X-Road instance maintainer I want that Security Servers used by multiple members would always use HTTPS with authentication to secure connections to member subsystems. #75

Closed VitaliStupin closed 6 years ago

VitaliStupin commented 8 years ago

Affected components: xroad-proxy
Affected documentation: SS-UG
Estimated delivery: -
External reference: https://jira.ria.ee/browse/XTE-125

Problem

If a Security Server is configured not to use HTTPS authentication for communication with a subsystem and the Security Server is used by multiple members, then there is a risk that one member can issue requests signed by another member's certificate.

The Security Server must enforce usage of HTTPS with authentication if there is more than one member registered in that Security Server.

This feature must be controlled by global configuration to allow insecure communications in development environments.

Acceptance criteria

VitaliStupin commented 8 years ago

As soon as we would need to update global configuration it would be wise to wait for #69.

hanhaka commented 8 years ago

We are starting the implementation work for #69 on Monday 15th of September. Implementation work for this one is however rather big and a bunch of tests are also needed, but we should complete it within a few weeks.

VitaliStupin commented 6 years ago

No longer required. Enabling of this feature would most probably break a lot of systems.