Hi Alastair,
The irods_environment.json file only adjusts the client-side connection settings for that user.
If you want to require SSL for all connections to the server, you need to adjust
acPreConnect() in
core.re. For example:
acPreConnect(*OUT) {
# Require all clients to connect using SSL/TLS.
# If the client isn't using SSL/TLS, drop the connection.
*OUT = "CS_NEG_REQUIRE";
}
With that in place, you'll start to see connection errors for any client that isn't using SSL.
Please see the following for additional information.
The iRODS server will log messages and return information to the client indicating if there's an error in your SSL configuration.
You can also use tools like tcpdump and wireshark to visually inspect SSL communication between the client and the iRODS server.
Hope that helps!
Kory Draughn
Chief Technologist
iRODS Consortium