While looking into
SOLR-8970 i realized there was a whole heap of problems with how clientAuth was being handled in tests. Notably: it wasn't actaully being used when the randomization selects it (aparently due to a copy/paste mistake in SOLR-7166). But there are few other misc issues (improper usage of sysprops overrides for tests, missuage of keystore/truststore in test clients, etc..)
I'm working up a patch to fix all of this, and add some much needed tests to explicitly verify both SSL and clientAuth that will include some "false positive" verifications, and some "test the test" checks.