TLS Parameters common to both Clients and Servers
The TLS Parameters common to both Clients and Servers are given here:
| Attribute | Default | Description |
|---|---|---|
| | JVM default Key Managers | Key Managers to hold X509 certificates. |
| | JVM default Trust Managers | TrustManagers to validate peer X509 certificates. |
| | JVM default provider associated with protocol | JSSE provider name. |
| | JVM default cipher suites | CipherSuites that will be supported. |
| | | Filters of the supported CipherSuites that will be supported and used if available. |
| | | Certificate Constraints specification. |
| | JVM default Secure Random | SecureRandom specification. |
| | "TLS" | Protocol Name. Most common examples are "SSL", "TLS" or "TLSv1". |
| | | Cert alias to use. Useful when keystore has multiple certs. |

Client TLS Parameters
In addition to the TLS Parameters common to both Clients and Servers, there are some parameters that are specific to Clients:
| Attribute | Default | Description |
|---|---|---|
| | | Indicates whether the hostname given in the HTTPS URL will be checked against the service's Common Name (CN) given in its certificate during requests, failing if there is a mismatch. If set to |
| | | An SSLSocketFactory to use. All other bean properties are ignored if this is set. |
| | 86400000 milliseconds (24 hours) | SSL Cache Timeout in seconds. |
| | | This attribute specifies if HttpsURLConnection.getDefaultSSLSocketFactory() should be used to create https connections. If ' |
| | | This attribute specifies if HttpsURLConnection.getDefaultHostnameVerifier() should be used to create https connections. If ' |

Note : disableCNCheck is a parameterized boolean: you can use a fixed value true|false as well as a Spring externalized property variable (e.g. ${disable-https-hostname-verification}) or a Spring expression (e.g. #{systemProperties['dev-mode']}).
Sample :

    ...
    <http-conf:conduit name="{http://example.com/}HelloWorldServicePort.http-conduit">
      <!-- deactivate HTTPS url hostname verification (localhost, etc) -->
      <!-- WARNING ! disableCNCheck=true should NOT be used in production -->
      <http-conf:tlsClientParameters disableCNCheck="true" />
      ...
    </http-conf:conduit>
    ...

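An added example, not part of the CXF documentation: a small Python audit that walks a Spring/CXF configuration and reports, per conduit, whether hostname verification is switched off outright, left to a property placeholder or Spring expression that must be checked per environment, or left enabled. The sample XML is constructed, the status labels are this example's own, and treating an absent attribute as "check enabled" is an assumption.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample configuration (not taken from a real deployment).
SAMPLE = """<beans xmlns:http-conf="http://cxf.apache.org/transports/http/configuration">
  <http-conf:conduit name="{http://example.com/}HelloWorldServicePort.http-conduit">
    <http-conf:tlsClientParameters disableCNcheck="true"/>
  </http-conf:conduit>
  <http-conf:conduit name="{http://example.com/}OrdersPort.http-conduit">
    <http-conf:tlsClientParameters disableCNCheck="${disable-https-hostname-verification}"/>
  </http-conf:conduit>
  <http-conf:conduit name="{http://example.com/}BillingPort.http-conduit">
    <http-conf:tlsClientParameters/>
  </http-conf:conduit>
</beans>"""

# ${...} property placeholders and #{...} Spring expressions resolve at deploy time.
PLACEHOLDER = re.compile(r"^\s*[$#]\{.*\}\s*$", re.S)

def local(tag):
    """Strip the '{namespace}' prefix ElementTree puts on tag names."""
    return tag.rsplit("}", 1)[-1]

def classify(value):
    # Assumption: an absent attribute leaves the hostname check enabled.
    if value is None or value.strip().lower() == "false":
        return "ok"
    if value.strip().lower() == "true":
        return "disabled"
    if PLACEHOLDER.match(value):
        return "review"      # the effective value depends on the environment
    return "invalid"

def audit(xml_text):
    findings = []
    for conduit in ET.fromstring(xml_text).iter():
        if local(conduit.tag) != "conduit":
            continue
        for tls in conduit:
            if local(tls.tag) == "tlsClientParameters":
                # Compare attribute names case-insensitively: spellings vary.
                attrs = {k.lower(): v for k, v in tls.attrib.items()}
                status = classify(attrs.get("disablecncheck"))
                findings.append((conduit.get("name"), status))
    return findings

if __name__ == "__main__":
    for name, status in audit(SAMPLE):
        print(f"{status:9} {name}")
```

Conduits reported as "review" need the resolved property or expression value confirmed for each production environment.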
Server TLS Parameters
In addition to the TLS Parameters common to both Clients and Servers, there are some parameters that are specific to Servers:
| Attribute | Default | Description |
|---|---|---|
| | Not "wanted" or "required" | Allows you to configure whether client authentication is "wanted" and/or "required". |