Require SSL certificate hash on login by default

Note that it's possible to set a config option to disable this functionality on a per-environment basis (we're disabling it for sandbox), but in general SSL certificate hashes should be required for increased security. ------------- Created by MOE: https://github.com/google/moe MOE_MIGRATED_REVID=225053496
2025-07-25 12:08:36 +02:00 · 2018-12-11 12:49:05 -08:00 · 2018-12-11 12:49:05 -08:00 · 400994237c
commit 400994237c
parent 0a44ef0dca
9 changed files with 80 additions and 29 deletions
--- a/java/google/registry/config/files/default-config.yaml
+++ b/java/google/registry/config/files/default-config.yaml
@ -183,6 +183,11 @@ registryPolicy:
    If you have any questions regarding this notice, please contact
    {REPLY_TO_EMAIL}.

+  # Whether to require an SSL certificate hash in order to be able to log in
+  # via EPP and run commands. This can be false for testing environments but
+  # should generally be true for production environments, for added security.
+  requireSslCertificates: true
+
 datastore:
  # Number of commit log buckets in Datastore. Lowering this after initial
  # install risks losing up to a days' worth of differential backups.