jPOS can handle client certificate validation since early SSL days, before the fancy mTLS name :)
<?xml version="1.0" ?>
<server class="org.jpos.q2.iso.QServer" logger="Q2" name="jswitch-server">
<attr name="port" type="java.lang.Integer">${server.port}</attr>
<attr name="socketFactory">org.jpos.iso.SunJSSESocketFactory</attr>
<channel class="org.jpos.iso.channel.CSChannel"
logger="Q2" packager="org.jpos.iso.packager.GenericPackager">
<property name="timeout" value="300000" />
<property name="packager-config" value="jar:packager/iso87binary.xml" />
</channel>
<property name="keystore" value="lib/jswitch.ks" />
<property name="clientauth" value="true" />
<property name="servername" value="jswitch" />
<property name="storepassword" value="${hsm:storepassword}" />
<property name="keypassword" value="${hsm:keypassword}" />
<request-listener class="org.jpos.jswitch.RequestHandler" logger="Q2">
<property name="timeout" value="60000" />
<property name="queue" value="jSwitch.TxnMgr" />
</request-listener>
</server>