Versions Compared

Old Version 43

changes.mady.by.user Cyrille Le Clerc

Saved on

compared with

New Version 44

changes.mady.by.user Cyrille Le Clerc

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

The TLSClientParameters are listed here and here.

trustAllCertificates: SSL X509 certificate verification deactivation

...

Attribute

Default

Since

Description

certConstraints

 

 

Certificate Constraints specification.

cipherSuites

 

 

CipherSuites that will be supported.

cipherSuitesFilter

 

 

filters of the supported CipherSuites that will be supported and used if available.

disableCNcheck

false

2.0.5

Indicates whether that the hostname given in the HTTPS URL will be checked against the service's Common Name (CN) given in its certificate during SOAP client requests, and failing if there is a mismatch. If set to true (not recommended for production use), such checks will be bypassed. That will allow you, for example, to

...

use a

...

URL such as localhost during development.

...

Wiki Markup
Note : {{trustAllCertificates}} is a parameterized boolean, you can use a fixed variable {{true}}|{{false}} as well as a [Spring externalized property|http://static.springsource.org/spring/docs/3.0.x/spring-framework-reference/html/beans.html#beans-factory-placeholderconfigurer] variable (e.g. {{${trust-all-certificates\}}}) or a [Spring expression|http://static.springsource.org/spring/docs/3.0.x/spring-framework-reference/html/expressions.html#expressions-beandef] (e.g. {{#{systemProperties\['dev-mode'\]\}}}).

...


 ...
 <http-conf:conduit name="{http://example.com/}HelloWorldServicePort.http-conduit">

  <!-- trust all certificates (self-signed certificate, etc)                -->
  <!-- WARNING ! trustAllCertificates=true should NOT be used in production -->
  <http-conf:tlsClientParameters trustAllCertificates="true" />
  ...
 </http-conf:conduit>
 ...

disableCNcheck: SSL hostname verification

...

jsseProvider

 

 

JSSE provider name.

keyManagers

 

 

KeyManagers specification.

secureRandomParameters

 

 

SecureRandom specification.

secureSocketProtocol

 

 

Protocol Name. Most common example are "SSL", "TLS" or "TLSv1".

trustManagers

 

 

TrustManagers specification.

useHttpsURLConnectionDefaultSslSocketFactory

false

2.2.7

specifies if HttpsURLConnection.getDefaultSSLSocketFactory() should be used to create https connections. If 'true', 'jsseProvider', 'secureSocketProtocol', 'trustManagers', 'keyManagers', 'secureRandom', 'cipherSuites' and 'cipherSuitesFilter' configuration parameters are ignored.

useHttpsURLConnectionDefaultHostnameVerifier

false

2.2.7

This attribute specifies if HttpsURLConnection.getDefaultHostnameVerifier() should be used to create https connections. If 'true', 'disableCNCheck' configuration parameter is ignored.

Wiki Markup
Note :  {{disableCNcheck}} is a parameterized boolean, you can use a fixed variable {{true}}\|{{false}} as well as a [Spring externalized property|http://static.springsource.org/spring/docs/3.0.x/spring-framework-reference/html/beans.html#beans-factory-placeholderconfigurer] variable (e.g. {{${disable-https-hostname-verification\}}}) or a [Spring expression|http://static.springsource.org/spring/docs/3.0.x/spring-framework-reference/html/expressions.html#expressions-beandef] (e.g. {{#{systemProperties\['dev-mode'\]\}}}).

Sample :

Code Block
xml
xml
titleHTTP conduit configuration disabling HTTP URL hostname verification (usage of localhost, etc)
 ...
 <http-conf:conduit name="{http://example.com/}HelloWorldServicePort.http-conduit">

   <!-- deactivate HTTPS url hostname verification (localhost, etc)    -->
   <!-- WARNING ! disableCNcheck=true should NOT be used in production -->
   <http-conf:tlsClientParameters disableCNcheck="true" />
   ...
 </http-conf:conduit>
 ...

...