Versions Compared

Old Version 69

changes.mady.by.user Colm O hEigeartaigh

Saved on

compared with

New Version 70

changes.mady.by.user Colm O hEigeartaigh

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

The tlsClientParameters element

The TLSClientParameters are listed here and here.

Attribute

Default

Since

Description

certConstraints

 

 

Certificate Constraints specification.

cipherSuites

default sslContext cipher suites

 

CipherSuites that will be supported.

cipherSuitesFilter

 

 

filters of the supported CipherSuites that will be supported and used if available.

disableCNcheck

false

2.0.5

Indicates whether that the hostname given in the HTTPS URL will be checked against the service's Common Name (CN) given in its certificate during SOAP client requests, and failing if there is a mismatch. If set to true (not recommended for production use), such checks will be bypassed. That will allow you, for example, to use a URL such as localhost during development.

jsseProvider

default JVM provider associated with protocol

 

JSSE provider name.

keyManagers

JVM default Key Managers

 

Key Managers to hold X509 certificates.

secureRandomParameters

JVM default Secure Random

 

SecureRandom specification.

secureSocketProtocol

"TLS"

 

Protocol Name. Most common example are "SSL", "TLS" or "TLSv1".

trustManagers

JVM default Trust Managers

 

TrustManagers to validate peer X509 certificates.

useHttpsURLConnectionDefaultSslSocketFactory

false

2.2.7

specifies if HttpsURLConnection.getDefaultSSLSocketFactory() should be used to create https connections. If 'true', 'jsseProvider', 'secureSocketProtocol', 'trustManagers', 'keyManagers', 'secureRandom', 'cipherSuites' and 'cipherSuitesFilter' configuration parameters are ignored.

useHttpsURLConnectionDefaultHostnameVerifier

false

2.2.7

This attribute specifies if HttpsURLConnection.getDefaultHostnameVerifier() should be used to create https connections. If 'true', 'disableCNCheck' configuration parameter is ignored.

Wiki Markup
Note :  {{disableCNcheck}} is a parameterized boolean, you can use a fixed variable {{true}}\|{{false}} as well as a [Spring externalized property|http://static.springsource.org/spring/docs/3.0.x/spring-framework-reference/html/beans.html#beans-factory-placeholderconfigurer] variable (e.g. {{${disable-https-hostname-verification\}}}) or a [Spring expression|http://static.springsource.org/spring/docs/3.0.x/spring-framework-reference/html/expressions.html#expressions-beandef] (e.g. {{#{systemProperties\['dev-mode'\]\}}}).

Sample :

...

Please see TLS Configuration page for more information.

Using WSDL

Namespace

The WSDL extension elements used to configure an HTTP client are defined in the namespace http://cxf.apache.org/transports/http/configuration. It is commonly referred to using the prefix http-conf. In order to use the HTTP configuration elements you will need to add the line shown below to the definitions element of your endpoint's WSDL document.

...