...

| Attribute | Default | Description |
| --- | --- | --- |
| keyManagers | JVM default Key Managers | Key Managers to hold X509 certificates. |
| trustManagers | JVM default Trust Managers | TrustManagers to validate peer X509 certificates. |
| jsseProvider | JVM default provider associated with protocol | JSSE provider name. |
| cipherSuites | JVM default cipher suites | CipherSuites that will be supported. |
| cipherSuitesFilter | | Filters applied to the supported CipherSuites; the suites that pass are supported and used if available. |
| certConstraints | | Certificate Constraints specification. |
| secureRandomParameters | JVM default Secure Random | SecureRandom specification. |
| secureSocketProtocol | "TLS" | Protocol Name. For example: "TLS", "TLSv1.2", "TLSv1.3". |
| certAlias | | Cert alias to use. Useful when keystore has multiple certs. |
| enableRevocation (CXF 3.1.11) | "false" | This attribute specifies whether to enable revocation when checking the client/server certificate. To enable "ocsp" this should be set to "true" (along with the Java Security property "ocsp.enable"). |

...


Note that from CXF 3.0.3 and 2.7.14, the SSLv3 protocol is disabled on the client side, and on the service side (if Jetty is used), unless "SSLv3" is explicitly specified for the "secureSocketProtocol" parameter.

...

| Attribute | Default | Description |
| --- | --- | --- |
| disableCNCheck | false | Indicates whether the hostname given in the HTTPS URL is checked against the service's Common Name (CN) given in its certificate during requests, with the request failing if there is a mismatch. If set to true (not recommended for production use), such checks are bypassed. That allows you, for example, to use a URL such as localhost during development. |
| sslSocketFactory | | An SSLSocketFactory to use. All other bean properties are ignored if this is set. |
| sslCacheTimeout | 86400 seconds (24 hours) | SSL Cache Timeout in seconds. |
| useHttpsURLConnectionDefaultSslSocketFactory | false | This attribute specifies if HttpsURLConnection.getDefaultSSLSocketFactory() should be used to create https connections. If 'true', the 'jsseProvider', 'secureSocketProtocol', 'trustManagers', 'keyManagers', 'secureRandom', 'cipherSuites' and 'cipherSuitesFilter' configuration parameters are ignored. |
| useHttpsURLConnectionDefaultHostnameVerifier | false | This attribute specifies if HttpsURLConnection.getDefaultHostnameVerifier() should be used to create https connections. If 'true', the 'disableCNCheck' configuration parameter is ignored. |
| hostnameVerifier | | A custom HostnameVerifier instance to use. |
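The client-side attributes above, as an added Spring configuration example that is not part of the original page or the CXF documentation: a development conduit with the hostname check bypassed, beside a production conduit that keeps the check, pins the protocol, supplies its own trust store and filters cipher suites. The conduit names, trust store path, password and filter patterns are constructed placeholders.

```xml
<!-- Added example. Conduit names, trust store path, password and cipher suite
     patterns are constructed placeholders, not values from the page. -->
<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xmlns:sec="http://cxf.apache.org/configuration/security"
       xmlns:http="http://cxf.apache.org/transports/http/configuration"
       xsi:schemaLocation="
         http://www.springframework.org/schema/beans
           http://www.springframework.org/schema/beans/spring-beans.xsd
         http://cxf.apache.org/configuration/security
           http://cxf.apache.org/schemas/configuration/security.xsd
         http://cxf.apache.org/transports/http/configuration
           http://cxf.apache.org/schemas/configuration/http-conf.xsd">

  <!-- Development only: the certificate name is not matched against the URL
       host, so any certificate the trust managers accept is taken for
       "localhost". Trust managers fall back to the JVM defaults here. -->
  <http:conduit name="{http://example.org/constructed}DevPort.http-conduit">
    <http:tlsClientParameters disableCNCheck="true"/>
  </http:conduit>

  <!-- Production: hostname check left on (the default, stated explicitly),
       protocol pinned, explicit trust store, cipher suites filtered. -->
  <http:conduit name="{http://example.org/constructed}ProdPort.http-conduit">
    <http:tlsClientParameters disableCNCheck="false"
                              secureSocketProtocol="TLSv1.2">
      <sec:trustManagers>
        <sec:keyStore type="JKS" password="PLACEHOLDER"
                      file="conf/truststore.jks"/>
      </sec:trustManagers>
      <sec:cipherSuitesFilter>
        <!-- Regular expressions matched against cipher suite names. -->
        <sec:include>TLS_ECDHE_.*_WITH_AES_.*_GCM_.*</sec:include>
        <sec:exclude>.*_NULL_.*</sec:exclude>
        <sec:exclude>.*_anon_.*</sec:exclude>
      </sec:cipherSuitesFilter>
    </http:tlsClientParameters>
  </http:conduit>
</beans>
```

Keeping the two conduits under separate names makes it easy to check that a `disableCNCheck="true"` entry never ships in a production configuration file.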

...

| Attribute | Default | Description |
| --- | --- | --- |
| clientAuthentication | Not "wanted" or "required" | Allows you to configure whether client authentication is "wanted" and/or "required". |
| excludeProtocols | SSLv3 is disabled by default for Jetty from CXF 3.0.3 + 2.7.14 | The TLS protocols to exclude. |
| includeProtocols (CXF 3.1.1/3.0.6) | | Allows you to add more protocols. For example, if you have a TLS protocol you could add support for "SSLv2Hello" here, for older clients. |

...