There are two problems with the auto ssl transport that is causing the peer certificates to not always be available and set on the ConnectionInfo object during connection. First, for auto+nio+ssl, the auto init transport needs to have transport properties applied. This is because the initialization transport does the SSL handshake so it needs to know whether or not transport.needClientAuth or transport.wantClientAuth is set. Right now these properties are not processed so it never gets passed to the SSL socket which means none of the protocols have peer certs available over auto+nio+ssl. Second, the Stomp transport is not properly setting the peer certs when using auto+ssl and not using NIO.