TLS Parameters common to both Clients and Servers
The TLS Parameters common to both Clients and Servers are given here. The TLSClientParameters are listed here and here.
| Attribute | Default | Since | Description |
|---|---|---|---|
| | JVM default Key Managers | | Key Managers to hold X509 certificates. |
| | JVM default Trust Managers | | TrustManagers to validate peer X509 certificates. |
| | JVM default provider associated with protocol | | JSSE provider name. |
| | JVM default sslContext cipher suites | | CipherSuites that will be supported. |
| | | | Filters of the supported CipherSuites that will be supported and used if available. |
| | | | Certificate Constraints specification. |
| | JVM default Secure Random | | SecureRandom specification. |
| | "TLS" | | Protocol Name. Most common examples are "SSL", "TLS" or "TLSv1". |
| | | | Cert alias to use. Useful when keystore has multiple certs. |
Client TLS Parameters
In addition to the TLS Parameters common to both Clients and Servers, there are some parameters that are specific to Clients:
| Attribute | Default | Since | Description |
|---|---|---|---|
| | | 2.0.5 | Indicates whether the hostname given in the HTTPS URL will be checked against the service's Common Name (CN) given in its certificate during SOAP client requests, failing if there is a mismatch. If set to |
| | default JVM provider associated with protocol | | JSSE provider name. |
| | JVM default Key Managers | | Key Managers to hold X509 certificates. |
| | JVM default Secure Random | | SecureRandom specification. |
| | "TLS" | | Protocol Name. Most common examples are "SSL", "TLS" or "TLSv1". |
| | | | A SSLSocketFactory to use. All other bean properties are ignored if this is set. |
| | 86400000 milliseconds (24 hours) | | SSL Cache Timeout in seconds |
| | JVM default Trust Managers | | TrustManagers to validate peer X509 certificates. |
| | | 2.2.7 | This attribute specifies if HttpsURLConnection.getDefaultSSLSocketFactory() should be used to create https connections. If ' |
| | | | This attribute specifies if HttpsURLConnection.getDefaultHostnameVerifier() should be used to create https connections. If ' |
```xml
...
<http-conf:conduit name="{http://example.com/}HelloWorldServicePort.http-conduit">
    <!-- deactivate HTTPS url hostname verification (localhost, etc) -->
    <!-- WARNING ! disableCNcheck=true should NOT be used in production -->
    <http-conf:tlsClientParameters disableCNcheck="true" />
    ...
</http-conf:conduit>
...
```
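A check for the setting shown above, as an added example that is not part of the CXF documentation or code base: this script scans a CXF client configuration and reports every conduit whose `tlsClientParameters` turns off the CN check or names a legacy protocol. The sample XML is constructed; the `secureSocketProtocol` attribute name, the Spring `beans` wrapper and the list of legacy protocol names are assumptions not taken from this page.

```python
import xml.etree.ElementTree as ET

# Constructed sample config (not from the CXF docs): two client conduits.
SAMPLE = """<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:http-conf="http://cxf.apache.org/transports/http/configuration">
  <http-conf:conduit name="{http://example.com/}HelloWorldServicePort.http-conduit">
    <http-conf:tlsClientParameters disableCNcheck="true" secureSocketProtocol="TLSv1"/>
  </http-conf:conduit>
  <http-conf:conduit name="{http://example.com/}BillingPort.http-conduit">
    <http-conf:tlsClientParameters secureSocketProtocol="TLSv1.2"/>
  </http-conf:conduit>
</beans>"""

# Assumption: protocol names treated as legacy for this audit.
LEGACY_PROTOCOLS = {"SSL", "SSLv3", "TLSv1", "TLSv1.1"}


def local(tag):
    """Strip the '{namespace}' part so matching works with any prefix."""
    return tag.rsplit("}", 1)[-1]


def audit(xml_text):
    """Return (conduit name, attribute, reason) for each risky TLS setting."""
    findings = []
    root = ET.fromstring(xml_text)
    for conduit in root.iter():
        if local(conduit.tag) != "conduit":
            continue
        name = conduit.get("name", "<unnamed>")
        for tls in conduit.iter():
            if local(tls.tag) != "tlsClientParameters":
                continue
            # Absent attribute means the hostname check stays enabled.
            if tls.get("disableCNcheck", "false").strip().lower() == "true":
                findings.append((name, "disableCNcheck", "hostname verification is off"))
            proto = tls.get("secureSocketProtocol")
            if proto in LEGACY_PROTOCOLS:
                findings.append((name, "secureSocketProtocol", f"legacy protocol {proto}"))
    return findings


if __name__ == "__main__":
    for name, attr, why in audit(SAMPLE):
        print(f"{name}: {attr}: {why}")
```

Run it over configuration files you control; `xml.etree.ElementTree` is not hardened against maliciously constructed XML.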
Server TLS Parameters
In addition to the TLS Parameters common to both Clients and Servers, there are some parameters that are specific to Servers:
| Attribute | Default | Description |
|---|---|---|
| | Not "wanted" or "required" | Allows you to configure whether client authentication is "wanted" and/or "required". |