TLS Parameters common to both Clients and Servers

The TLS Parameters common to both Clients and Servers are given here: The TLSClientParameters are listed here and here.

| Attribute | Default | Since | Description |
|---|---|---|---|
| keyManagers | JVM default Key Managers | | Key Managers to hold X509 certificates. |
| trustManagers | JVM default Trust Managers | | TrustManagers to validate peer X509 certificates. |
| jsseProvider | JVM default provider associated with protocol | | JSSE provider name. |
| certConstraints | | | Certificate Constraints specification. |
| cipherSuites | JVM default sslContext cipher suites | | CipherSuites that will be supported. |
| cipherSuitesFilter | | | Filters of the supported CipherSuites that will be supported and used if available. |
| secureRandom | JVM default Secure Random | | SecureRandom specification. |
| secureSocketProtocol | "TLS" | | Protocol name. The most common examples are "SSL", "TLS" or "TLSv1". |
| certAlias | | | Certificate alias to use. Useful when the keystore has multiple certificates. |

Client TLS Parameters

In addition to the TLS Parameters common to both Clients and Servers, there are some parameters that are specific to Clients:

| Attribute | Default | Since | Description |
|---|---|---|---|
| disableCNcheck | false | 2.0.5 | Indicates whether the hostname given in the HTTPS URL will be checked against the service's Common Name (CN) given in its certificate during SOAP client requests, failing if there is a mismatch. If set to true (not recommended for production use), such checks will be bypassed. That will allow you, for example, to use a URL such as localhost during development. |
| jsseProvider | default JVM provider associated with protocol | | JSSE provider name. |
| keyManagers | JVM default Key Managers | | Key Managers to hold X509 certificates. |
| secureRandomParameters | JVM default Secure Random | | SecureRandom specification. |
| secureSocketProtocol | "TLS" | | Protocol name. The most common examples are "SSL", "TLS" or "TLSv1". |
| sslSocketFactory | | | A SSLSocketFactory to use. All other bean properties are ignored if this is set. |
| sslCacheTimeout | 86400000 milliseconds (24 hours) | | SSL Cache Timeout in seconds |
| trustManagers | JVM default Trust Managers | | TrustManagers to validate peer X509 certificates. |
| useHttpsURLConnectionDefaultSslSocketFactory | false | 2.2.7 | This attribute specifies if HttpsURLConnection.getDefaultSSLSocketFactory() should be used to create https connections. If 'true', the 'jsseProvider', 'secureSocketProtocol', 'trustManagers', 'keyManagers', 'secureRandom', 'cipherSuites' and 'cipherSuitesFilter' configuration parameters are ignored. |
| useHttpsURLConnectionDefaultHostnameVerifier | false | 2.2.7 | This attribute specifies if HttpsURLConnection.getDefaultHostnameVerifier() should be used to create https connections. If 'true', the 'disableCNCheck' configuration parameter is ignored. |

...

HTTP conduit configuration disabling HTTP URL hostname verification (usage of localhost, etc):
 ...
 <http-conf:conduit 
     name="{http://example.com/}HelloWorldServicePort.http-conduit">

   <!-- deactivate HTTPS url hostname verification (localhost, etc)    -->
   <!-- WARNING ! disableCNcheck=true should NOT be used in production -->
   <http-conf:tlsClientParameters disableCNcheck="true" />
   ...
 </http-conf:conduit>
 ...
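
An added example, not part of the CXF documentation: a small Python audit that scans configuration XML for conduits whose tlsClientParameters set disableCNcheck to true, and applies the precedence rules from the client table so that settings which are configured but ignored are reported as well. The sample XML, the second conduit name, the keystore file name and the finding texts are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Settings the page lists as ignored when the default SSLSocketFactory is used.
IGNORED_WITH_DEFAULT_FACTORY = ["jsseProvider", "secureSocketProtocol", "trustManagers",
                                "keyManagers", "secureRandom", "cipherSuites", "cipherSuitesFilter"]

# Constructed sample configuration (second conduit and keystore file are made up).
SAMPLE = """<beans xmlns:http-conf="http://cxf.apache.org/transports/http/configuration"
       xmlns:sec="http://cxf.apache.org/configuration/security">
  <http-conf:conduit name="{http://example.com/}HelloWorldServicePort.http-conduit">
    <http-conf:tlsClientParameters disableCNcheck="true"/>
  </http-conf:conduit>
  <http-conf:conduit name="{http://example.com/}Second.http-conduit">
    <http-conf:tlsClientParameters disableCNCheck="true" secureSocketProtocol="TLS"
        useHttpsURLConnectionDefaultSslSocketFactory="true"
        useHttpsURLConnectionDefaultHostnameVerifier="true">
      <sec:trustManagers><sec:keyStore type="JKS" file="constructed.jks"/></sec:trustManagers>
    </http-conf:tlsClientParameters>
  </http-conf:conduit>
</beans>"""


def local(tag):  # drop the '{namespace}' prefix ElementTree puts on element names
    return tag.rsplit("}", 1)[-1]


def audit(xml_text):
    """Return (conduit name, finding) pairs for each tlsClientParameters element."""
    findings = []
    for conduit in ET.fromstring(xml_text).iter():
        if local(conduit.tag) != "conduit":
            continue
        name = conduit.get("name", "<unnamed>")
        for tls in (c for c in conduit if local(c.tag) == "tlsClientParameters"):
            # The page spells the attribute both disableCNcheck and disableCNCheck,
            # so attribute and child-element names are compared case-insensitively.
            attrs = {k.lower(): v.strip().lower() for k, v in tls.attrib.items()}
            configured = set(attrs) | {local(c.tag).lower() for c in tls}
            if attrs.get("disablecncheck") == "true":
                ignored = attrs.get("usehttpsurlconnectiondefaulthostnameverifier") == "true"
                findings.append((name, "disableCNcheck set but ignored" if ignored
                                 else "hostname check disabled"))
            if attrs.get("usehttpsurlconnectiondefaultsslsocketfactory") == "true":
                for setting in IGNORED_WITH_DEFAULT_FACTORY:
                    if setting.lower() in configured:
                        findings.append((name, setting + " set but ignored"))
    return findings


if __name__ == "__main__":
    print(*audit(SAMPLE), sep="\n")
```

The "set but ignored" findings matter because a trust store or protocol configured on the conduit has no effect once the JVM default factory is selected.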

Server TLS Parameters

In addition to the TLS Parameters common to both Clients and Servers, there are some parameters that are specific to Servers:

| Attribute | Default | Description |
|---|---|---|
| clientAuthentication | Not "wanted" or "required" | Allows you to configure whether client authentication is "wanted" and/or "required". |