Posted to dev@cxf.apache.org by "Tom.R" <to...@us.army.mil> on 2010/05/13 19:45:13 UTC

CXF client api hook for sun.security.ssl.allowUnsafeRenegotiation

Is there a client api hook for setting the
"-Dsun.security.ssl.allowUnsafeRenegotiation=true" pertaining to the newly
discovered renegotiation TLS/SSL security hole (for those using sun jdk
greater than 1.6.0_18)?

My issue is that I would like my cxf client to communicate with a server,
which does yet have a patch release for this while keeping my other client
communications secure.  I was hoping it is possible to avoid using the
global jdk system setting and restricting it to a specific client.

Is this possible?  Can this be done through CXF api?  If not, are there any
other methods/approaches/api that I could tap into to allow this
communication on the latest jdk1.6.0_20?


Re: CXF client api hook for sun.security.ssl.allowUnsafeRenegotiation

Posted by Daniel Kulp <dk...@apache.org>.

Since we just use the standard HttpURLConnection things, the exact same method
of setting the system described in Oracle's readme on the topic should work
fine.  Just set the system property.

Dan


On Thursday 13 May 2010 1:45:13 pm Tom.R wrote:
> Is there a client api hook for setting the
> "-Dsun.security.ssl.allowUnsafeRenegotiation=true" pertaining to the newly
> discovered renegotiation TLS/SSL security hole (for those using sun jdk
> greater than 1.6.0_18)?
> 
> My issue is that I would like my cxf client to communicate with a server,
> which does yet have a patch release for this while keeping my other client
> communications secure.  I was hoping it is possible to avoid using the
> global jdk system setting and restricting it to a specific client.
> 
> Is this possible?  Can this be done through CXF api?  If not, are there any
> other methods/approaches/api that I could tap into to allow this
> communication on the latest jdk1.6.0_20?

-- 
Daniel Kulp
dkulp@apache.org
http://dankulp.com/blog