You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@cxf.apache.org by bu...@apache.org on 2013/08/12 17:48:16 UTC
svn commit: r874344 - in /websites/production/cxf/content:
cache/docs.pageCache docs/client-http-transport-including-ssl-support.html
docs/jetty-configuration.html docs/standalone-http-transport.html
docs/tls-configuration.html
Author: buildbot
Date: Mon Aug 12 15:48:16 2013
New Revision: 874344
Log:
Production update by buildbot for cxf
Added:
websites/production/cxf/content/docs/tls-configuration.html
Modified:
websites/production/cxf/content/cache/docs.pageCache
websites/production/cxf/content/docs/client-http-transport-including-ssl-support.html
websites/production/cxf/content/docs/jetty-configuration.html
websites/production/cxf/content/docs/standalone-http-transport.html
Modified: websites/production/cxf/content/cache/docs.pageCache
==============================================================================
Binary files - no diff available.
Modified: websites/production/cxf/content/docs/client-http-transport-including-ssl-support.html
==============================================================================
--- websites/production/cxf/content/docs/client-http-transport-including-ssl-support.html (original)
+++ websites/production/cxf/content/docs/client-http-transport-including-ssl-support.html Mon Aug 12 15:48:16 2013
@@ -473,32 +473,7 @@ Language tags are regulated by the Inter
<h3><a shape="rect" name="ClientHTTPTransport%28includingSSLsupport%29-The%7B%7BtlsClientParameters%7D%7Delement"></a>The <tt>tlsClientParameters</tt> element</h3>
-<p>The TLSClientParameters are listed <a shape="rect" class="external-link" href="https://svn.apache.org/repos/asf/cxf/trunk/api/src/main/java/org/apache/cxf/configuration/jsse/TLSParameterBase.java">here</a> and <a shape="rect" class="external-link" href="https://svn.apache.org/repos/asf/cxf/trunk/api/src/main/java/org/apache/cxf/configuration/jsse/TLSClientParameters.java">here</a>. </p>
-
-<div class="table-wrap">
-<table class="confluenceTable"><tbody><tr><th colspan="1" rowspan="1" class="confluenceTh"> Attribute </th><th colspan="1" rowspan="1" class="confluenceTh"> Default </th><th colspan="1" rowspan="1" class="confluenceTh"> Since </th><th colspan="1" rowspan="1" class="confluenceTh"> Description </th></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"> <tt>certConstraints</tt> </td><td colspan="1" rowspan="1" class="confluenceTd"> </td><td colspan="1" rowspan="1" class="confluenceTd"> </td><td colspan="1" rowspan="1" class="confluenceTd"> Certificate Constraints specification. </td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"> <tt>cipherSuites</tt> </td><td colspan="1" rowspan="1" class="confluenceTd"> default sslContext cipher suites </td><td colspan="1" rowspan="1" class="confluenceTd"> </td><td colspan="1" rowspan="1" class="confluenceTd"> CipherSuites that will be supported. </td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"> <tt>cipherS
uitesFilter</tt> </td><td colspan="1" rowspan="1" class="confluenceTd"> </td><td colspan="1" rowspan="1" class="confluenceTd"> </td><td colspan="1" rowspan="1" class="confluenceTd"> filters of the supported CipherSuites that will be supported and used if available. </td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"> <tt>disableCNcheck</tt> </td><td colspan="1" rowspan="1" class="confluenceTd"> <tt>false</tt> </td><td colspan="1" rowspan="1" class="confluenceTd"> 2.0.5 </td><td colspan="1" rowspan="1" class="confluenceTd"> Indicates whether that the hostname given in the HTTPS URL will be checked against the service's Common Name (CN) given in its certificate during SOAP client requests, and failing if there is a mismatch. If set to <tt>true</tt> (<b>not recommended for production use</b>), such checks will be bypassed. That will allow you, for example, to use a URL such as <tt>localhost</tt> during development. </td></tr><tr><td colspan="1" rowspan="1" class=
"confluenceTd"> <tt>jsseProvider</tt> </td><td colspan="1" rowspan="1" class="confluenceTd"> default JVM provider associated with protocol </td><td colspan="1" rowspan="1" class="confluenceTd"> </td><td colspan="1" rowspan="1" class="confluenceTd"> JSSE provider name. </td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"> <tt>keyManagers</tt> </td><td colspan="1" rowspan="1" class="confluenceTd"> JVM default Key Managers </td><td colspan="1" rowspan="1" class="confluenceTd"> </td><td colspan="1" rowspan="1" class="confluenceTd"> Key Managers to hold X509 certificates. </td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"> <tt>secureRandomParameters</tt> </td><td colspan="1" rowspan="1" class="confluenceTd"> JVM default Secure Random </td><td colspan="1" rowspan="1" class="confluenceTd"> </td><td colspan="1" rowspan="1" class="confluenceTd"> SecureRandom specification. </td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"> <tt>secureSock
etProtocol</tt> </td><td colspan="1" rowspan="1" class="confluenceTd"> "TLS" </td><td colspan="1" rowspan="1" class="confluenceTd"> </td><td colspan="1" rowspan="1" class="confluenceTd"> Protocol Name. Most common example are "SSL", "TLS" or "TLSv1". </td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"> <tt>trustManagers</tt> </td><td colspan="1" rowspan="1" class="confluenceTd"> JVM default Trust Managers </td><td colspan="1" rowspan="1" class="confluenceTd"> </td><td colspan="1" rowspan="1" class="confluenceTd"> TrustManagers to validate peer X509 certificates. </td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"> <tt>useHttpsURLConnectionDefaultSslSocketFactory</tt> </td><td colspan="1" rowspan="1" class="confluenceTd"> <tt>false</tt> </td><td colspan="1" rowspan="1" class="confluenceTd"> 2.2.7 </td><td colspan="1" rowspan="1" class="confluenceTd"> specifies if <a shape="rect" class="external-link" href="http://java.sun.com/javase/6/docs/api/javax/ne
t/ssl/HttpsURLConnection.html#getDefaultSSLSocketFactory()" rel="nofollow">HttpsURLConnection.getDefaultSSLSocketFactory()</a> should be used to create https connections. If '<tt>true</tt>', '<tt>jsseProvider</tt>', '<tt>secureSocketProtocol</tt>', '<tt>trustManagers</tt>', '<tt>keyManagers</tt>', '<tt>secureRandom</tt>', '<tt>cipherSuites</tt>' and '<tt>cipherSuitesFilter</tt>' configuration parameters are ignored. </td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"> <tt>useHttpsURLConnectionDefaultHostnameVerifier</tt> </td><td colspan="1" rowspan="1" class="confluenceTd"> <tt>false</tt> </td><td colspan="1" rowspan="1" class="confluenceTd"> 2.2.7 </td><td colspan="1" rowspan="1" class="confluenceTd"> This attribute specifies if <a shape="rect" class="external-link" href="http://java.sun.com/javase/6/docs/api/javax/net/ssl/HttpsURLConnection.html#getDefaultHostnameVerifier()" rel="nofollow">HttpsURLConnection.getDefaultHostnameVerifier()</a> should be used to create htt
ps connections. If '<tt>true</tt>', '<tt>disableCNCheck</tt>' configuration parameter is ignored. </td></tr></tbody></table>
-</div>
-
-
-
-<p>Note : <tt>disableCNcheck</tt> is a parameterized boolean, you can use a fixed variable <tt>true</tt>|<tt>false</tt> as well as a <a shape="rect" class="external-link" href="http://static.springsource.org/spring/docs/3.0.x/spring-framework-reference/html/beans.html#beans-factory-placeholderconfigurer" rel="nofollow">Spring externalized property</a> variable (e.g. <tt>${disable-https-hostname-verification</tt>}) or a <a shape="rect" class="external-link" href="http://static.springsource.org/spring/docs/3.0.x/spring-framework-reference/html/expressions.html#expressions-beandef" rel="nofollow">Spring expression</a> (e.g. <tt>#{systemProperties['dev-mode']</tt>}).</p>
-
-<p>Sample : </p>
-
-<div class="code panel" style="border-width: 1px;"><div class="codeHeader panelHeader" style="border-bottom-width: 1px;"><b>HTTP conduit configuration disabling HTTP URL hostname verification (usage of localhost, etc)</b></div><div class="codeContent panelContent">
-<script class="theme: Default; brush: xml; gutter: false" type="syntaxhighlighter"><![CDATA[
- ...
- <http-conf:conduit
- name="{http://example.com/}HelloWorldServicePort.http-conduit">
-
- <!-- deactivate HTTPS url hostname verification (localhost, etc) -->
- <!-- WARNING ! disableCNcheck=true should NOT be used in production -->
- <http-conf:tlsClientParameters disableCNcheck="true" />
- ...
- </http-conf:conduit>
- ...
-]]></script>
-</div></div>
+<p>Please see <a shape="rect" class="external-link" href="https://cwiki.apache.org/confluence/display/CXF20DOC/TLS+Configuration">TLS Configuration</a> page for more information. </p>
<h2><a shape="rect" name="ClientHTTPTransport%28includingSSLsupport%29-UsingWSDL"></a>Using WSDL</h2>
Modified: websites/production/cxf/content/docs/jetty-configuration.html
==============================================================================
--- websites/production/cxf/content/docs/jetty-configuration.html (original)
+++ websites/production/cxf/content/docs/jetty-configuration.html Mon Aug 12 15:48:16 2013
@@ -167,7 +167,7 @@ Apache CXF -- Jetty Configuration
<p>The child elements used to provide the configuration properties are described below.</p>
<div class="table-wrap">
-<table class="confluenceTable"><tbody><tr><th colspan="1" rowspan="1" class="confluenceTh"> Element </th><th colspan="1" rowspan="1" class="confluenceTh"> Description </th></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"> httpj:tlsServerParameters </td><td colspan="1" rowspan="1" class="confluenceTd"> Specifies a set of properties for configuring the security used for the specific Jetty instance. </td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"> httpj:tlsServerParametersRef </td><td colspan="1" rowspan="1" class="confluenceTd"> Refers to a set of security properties defined by a <tt>identifiedTLSServerParameters</tt> element. The <tt>id</tt> attribute provides the id of the referred <tt>identifiedTLSServerParameters</tt> element. </td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"> httpj:threadingParameters </td><td colspan="1" rowspan="1" class="confluenceTd"> Specifies the size of the thread pool used by the specific Jetty instance. </td></tr><tr>
<td colspan="1" rowspan="1" class="confluenceTd"> httpj:threadingParametersRef </td><td colspan="1" rowspan="1" class="confluenceTd"> Refers to a set of properties defined by a <tt>identifiedThreadingParameters</tt> element. The <tt>id</tt> attribute provides the id of the referred <tt>identifiedThreadingParameters</tt> element. </td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"> httpj:connector </td><td colspan="1" rowspan="1" class="confluenceTd"> You can use spring beans syntax to instantiate a connector and set the connector's properties , this connector will be set to the Jetty server engine </td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"> httpj:handlers </td><td colspan="1" rowspan="1" class="confluenceTd"> You can use spring beans syntax to instantiate a Jetty handler list and set these handlers' properties , the jetty handlers will be set to the Jetty server engine </td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"> httpj:sessionSupport
</td><td colspan="1" rowspan="1" class="confluenceTd"> If the value is true , the Jetty Engine will set up a session manager for the Jetty server engine to maintain the sessions. The default value of it is false.</td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"> httpj:reuseAddress </td><td colspan="1" rowspan="1" class="confluenceTd"> The the value is true, the Jetty Engine connector's socket will enable the SO_REUSEADDR flage. The default value of it is true. (This feature is available in CXF 2.0.3)</td></tr></tbody></table>
+<table class="confluenceTable"><tbody><tr><th colspan="1" rowspan="1" class="confluenceTh"> Element </th><th colspan="1" rowspan="1" class="confluenceTh"> Description </th></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"> httpj:tlsServerParameters </td><td colspan="1" rowspan="1" class="confluenceTd"> Specifies a set of properties for configuring the security used for the specific Jetty instance. See the <a shape="rect" class="external-link" href="https://cwiki.apache.org/confluence/display/CXF20DOC/TLS+Configuration">TLS Configuration</a> page for more information.</td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"> httpj:tlsServerParametersRef </td><td colspan="1" rowspan="1" class="confluenceTd"> Refers to a set of security properties defined by a <tt>identifiedTLSServerParameters</tt> element. The <tt>id</tt> attribute provides the id of the referred <tt>identifiedTLSServerParameters</tt> element. </td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"
> httpj:threadingParameters </td><td colspan="1" rowspan="1" class="confluenceTd"> Specifies the size of the thread pool used by the specific Jetty instance. </td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"> httpj:threadingParametersRef </td><td colspan="1" rowspan="1" class="confluenceTd"> Refers to a set of properties defined by a <tt>identifiedThreadingParameters</tt> element. The <tt>id</tt> attribute provides the id of the referred <tt>identifiedThreadingParameters</tt> element. </td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"> httpj:connector </td><td colspan="1" rowspan="1" class="confluenceTd"> You can use spring beans syntax to instantiate a connector and set the connector's properties , this connector will be set to the Jetty server engine </td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"> httpj:handlers </td><td colspan="1" rowspan="1" class="confluenceTd"> You can use spring beans syntax to instantiate a Jetty handler list and set
these handlers' properties , the jetty handlers will be set to the Jetty server engine </td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"> httpj:sessionSupport </td><td colspan="1" rowspan="1" class="confluenceTd"> If the value is true , the Jetty Engine will set up a session manager for the Jetty server engine to maintain the sessions. The default value of it is false.</td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"> httpj:reuseAddress </td><td colspan="1" rowspan="1" class="confluenceTd"> The the value is true, the Jetty Engine connector's socket will enable the SO_REUSEADDR flage. The default value of it is true. (This feature is available in CXF 2.0.3)</td></tr></tbody></table>
</div>
Modified: websites/production/cxf/content/docs/standalone-http-transport.html
==============================================================================
--- websites/production/cxf/content/docs/standalone-http-transport.html (original)
+++ websites/production/cxf/content/docs/standalone-http-transport.html Mon Aug 12 15:48:16 2013
@@ -129,7 +129,7 @@ Apache CXF -- Standalone HTTP Transport
<div class="wiki-content">
<div id="ConfluenceContent"><h1><a shape="rect" name="StandaloneHTTPTransport-ConfiguringSSL"></a>Configuring SSL</h1>
-<p>To configure the standalone HTTP transport to use SSL, you'll need to add an <http:destination> definition to your XML configuration file. See the <a shape="rect" href="configuration.html" title="Configuration">Configuration</a> guide to learn how to supply your own XML configuration file to CXF. If you are already using Spring, this can be added to your existing beans definitions.</p>
+<p>To configure the standalone HTTP transport to use SSL, you'll need to add an <http:destination> definition to your XML configuration file. See the <a shape="rect" href="configuration.html" title="Configuration">Configuration</a> guide to learn how to supply your own XML configuration file to CXF. If you are already using Spring, this can be added to your existing beans definitions. For more information about configuring TLS, see the <a shape="rect" class="external-link" href="https://cwiki.apache.org/confluence/display/CXF20DOC/TLS+Configuration">Configuring TLS</a> page.</p>
<p>Destinations in CXF are responsible for listening for server side requests.</p>
<div class="code panel" style="border-width: 1px;"><div class="codeContent panelContent">
Added: websites/production/cxf/content/docs/tls-configuration.html
==============================================================================
--- websites/production/cxf/content/docs/tls-configuration.html (added)
+++ websites/production/cxf/content/docs/tls-configuration.html Mon Aug 12 15:48:16 2013
@@ -0,0 +1,202 @@
+
+<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<!--
+
+ Licensed to the Apache Software Foundation (ASF) under one or more
+ contributor license agreements. See the NOTICE file distributed with
+ this work for additional information regarding copyright ownership.
+ The ASF licenses this file to You under the Apache License, Version 2.0
+ (the "License"); you may not use this file except in compliance with
+ the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+-->
+<html>
+ <head>
+ <link type="text/css" rel="stylesheet" href="http://cxf.apache.org/resources/site.css">
+ <script src="http://cxf.apache.org/resources/space.js" type="text/javascript"></script>
+
+<meta http-equiv="Content-type" content="text/html;charset=UTF-8">
+<meta name="keywords" content="business integration, EAI, SOA, Service Oriented Architecture, web services, SOAP, JBI, JMS, WSDL, XML, EDI, Electronic Data Interchange, standards support, integration standards, application integration, middleware, software, solutions, services, CXF, open source">
+<meta name="description" content="Apache CXF, Services Framework - TLS Configuration">
+
+ <link href='http://cxf.apache.org/resources/highlighter/styles/shCoreCXF.css' rel='stylesheet' type='text/css' />
+ <link href='http://cxf.apache.org/resources/highlighter/styles/shThemeCXF.css' rel='stylesheet' type='text/css' />
+ <script src='http://cxf.apache.org/resources/highlighter/scripts/shCore.js' type='text/javascript'></script>
+ <script src='http://cxf.apache.org/resources/highlighter/scripts/shBrushJava.js' type='text/javascript'></script>
+ <script src='http://cxf.apache.org/resources/highlighter/scripts/shBrushXml.js' type='text/javascript'></script>
+
+ <script type="text/javascript">
+ SyntaxHighlighter.defaults['toolbar'] = false;
+ SyntaxHighlighter.all();
+ </script>
+
+ <title>
+Apache CXF -- TLS Configuration
+ </title>
+ </head>
+<body onload="init()">
+
+
+<table width="100%" cellpadding="0" cellspacing="0">
+ <tr>
+ <td id="cell-0-0" colspan="2"> </td>
+ <td id="cell-0-1"> </td>
+ <td id="cell-0-2" colspan="2"> </td>
+ </tr>
+ <tr>
+ <td id="cell-1-0"> </td>
+ <td id="cell-1-1"> </td>
+ <td id="cell-1-2">
+ <!-- Banner -->
+<div class="banner" id="banner"><div><table border="0" cellpadding="0" cellspacing="0" width="100%"><tr><td align="left" colspan="1" nowrap>
+<a shape="rect" href="http://cxf.apache.org/" title="Apache CXF"><span style="font-weight: bold; font-size: 170%; color: white">Apache CXF</span></a>
+</td><td align="right" colspan="1" nowrap>
+<a shape="rect" href="http://www.apache.org/" title="The Apache Sofware Foundation"><img border="0" alt="ASF Logo" src="http://cxf.apache.org/images/asf-logo.png"></a>
+</td></tr></table></div></div>
+ <!-- Banner -->
+ <div id="top-menu">
+ <table border="0" cellpadding="1" cellspacing="0" width="100%">
+ <tr>
+ <td>
+ <div align="left">
+ <!-- Breadcrumbs -->
+<a href="index.html">Index</a> > <a href="transports.html">Transports</a> > <a href="http-transport.html">HTTP Transport</a> > <a href="asynchronous-client-http-transport.html">Asynchronous Client HTTP Transport</a> > <a href="tls-configuration.html">TLS Configuration</a>
+ <!-- Breadcrumbs -->
+ </div>
+ </td>
+ <td>
+ <div align="right">
+ <!-- Quicklinks -->
+<div id="quicklinks"><p><a shape="rect" href="http://cxf.apache.org/download.html">Download</a> | <a shape="rect" href="http://cxf.apache.org/docs/index.html">Documentation</a></p></div>
+ <!-- Quicklinks -->
+ </div>
+ </td>
+ </tr>
+ </table>
+ </div>
+ </td>
+ <td id="cell-1-3"> </td>
+ <td id="cell-1-4"> </td>
+ </tr>
+ <tr>
+ <td id="cell-2-0" colspan="2"> </td>
+ <td id="cell-2-1">
+ <table>
+ <tr valign="top">
+ <td height="100%">
+ <div id="wrapper-menu-page-right">
+ <div id="wrapper-menu-page-top">
+ <div id="wrapper-menu-page-bottom">
+ <div id="menu-page">
+ <!-- NavigationBar -->
+<div id="navigation"><ul class="alternate" type="square"><li><a shape="rect" href="overview.html" title="Overview">Overview</a></li><li><a shape="rect" href="how-tos.html" title="How-Tos">How-Tos</a></li><li><a shape="rect" href="frontends.html" title="Frontends">Frontends</a></li><li><a shape="rect" href="databindings.html" title="DataBindings">DataBindings</a></li><li><a shape="rect" href="transports.html" title="Transports">Transports</a></li><li><a shape="rect" href="configuration.html" title="Configuration">Configuration</a></li><li><a shape="rect" href="debugging-and-logging.html" title="Debugging and Logging">Debugging and Logging</a></li><li><a shape="rect" href="tools.html" title="Tools">Tools</a></li><li><a shape="rect" href="restful-services.html" title="RESTful Services">RESTful Services</a></li><li><a shape="rect" href="wsdl-bindings.html" title="WSDL Bindings">WSDL Bindings</a></li><li><a shape="rect" href="service-routing.html" title="Service Routing">Service Routing<
/a></li><li><a shape="rect" href="dynamic-languages.html" title="Dynamic Languages">Dynamic Languages</a></li><li><a shape="rect" href="ws-support.html" title="WS-* Support">WS-* Support</a></li><li><a shape="rect" href="advanced-integration.html" title="Advanced Integration">Advanced Integration</a></li><li><a shape="rect" href="deployment.html" title="Deployment">Deployment</a></li><li><a shape="rect" href="schemas-and-namespaces.html" title="Schemas and Namespaces">Use of Schemas and Namespaces</a></li></ul>
+
+
+<hr>
+<ul class="alternate" type="square"><li>Search<br clear="none">
+
+<form enctype="application/x-www-form-urlencoded" method="get" id="cse-search-box" action="http://www.google.com/cse">
+ <div>
+ <input type="hidden" name="cx" value="002890367768291051730:o99qiwa09y4">
+ <input type="hidden" name="ie" value="UTF-8">
+ <input type="text" name="q" size="21">
+ <input type="submit" name="sa" value="Search">
+ </div>
+</form>
+<script type="text/javascript" src="http://www.google.com/cse/brand?form=cse-search-box&lang=en"></script>
+</li></ul>
+
+
+<hr>
+<ul class="alternate" type="square"><li><a shape="rect" href="http://cxf.apache.org/javadoc/latest/">API (Javadoc)</a></li><li><a shape="rect" href="http://cxf.apache.org/">CXF Website</a></li></ul>
+
+</div>
+ <!-- NavigationBar -->
+ </div>
+ </div>
+ </div>
+ </div>
+ </td>
+ <td height="100%">
+ <!-- Content -->
+ <div class="wiki-content">
+<div id="ConfluenceContent"><p>The TLSClientParameters are listed <a shape="rect" class="external-link" href="https://svn.apache.org/repos/asf/cxf/trunk/api/src/main/java/org/apache/cxf/configuration/jsse/TLSParameterBase.java">here</a> and <a shape="rect" class="external-link" href="https://svn.apache.org/repos/asf/cxf/trunk/api/src/main/java/org/apache/cxf/configuration/jsse/TLSClientParameters.java">here</a>. </p>
+
+<div class="table-wrap">
+<table class="confluenceTable"><tbody><tr><th colspan="1" rowspan="1" class="confluenceTh"> Attribute </th><th colspan="1" rowspan="1" class="confluenceTh"> Default </th><th colspan="1" rowspan="1" class="confluenceTh"> Since </th><th colspan="1" rowspan="1" class="confluenceTh"> Description </th></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"> <tt>certConstraints</tt> </td><td colspan="1" rowspan="1" class="confluenceTd"> </td><td colspan="1" rowspan="1" class="confluenceTd"> </td><td colspan="1" rowspan="1" class="confluenceTd"> Certificate Constraints specification. </td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"> <tt>cipherSuites</tt> </td><td colspan="1" rowspan="1" class="confluenceTd"> default sslContext cipher suites </td><td colspan="1" rowspan="1" class="confluenceTd"> </td><td colspan="1" rowspan="1" class="confluenceTd"> CipherSuites that will be supported. </td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"> <tt>cipherS
uitesFilter</tt> </td><td colspan="1" rowspan="1" class="confluenceTd"> </td><td colspan="1" rowspan="1" class="confluenceTd"> </td><td colspan="1" rowspan="1" class="confluenceTd"> filters of the supported CipherSuites that will be supported and used if available. </td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"> <tt>disableCNcheck</tt> </td><td colspan="1" rowspan="1" class="confluenceTd"> <tt>false</tt> </td><td colspan="1" rowspan="1" class="confluenceTd"> 2.0.5 </td><td colspan="1" rowspan="1" class="confluenceTd"> Indicates whether that the hostname given in the HTTPS URL will be checked against the service's Common Name (CN) given in its certificate during SOAP client requests, and failing if there is a mismatch. If set to <tt>true</tt> (<b>not recommended for production use</b>), such checks will be bypassed. That will allow you, for example, to use a URL such as <tt>localhost</tt> during development. </td></tr><tr><td colspan="1" rowspan="1" class=
"confluenceTd"> <tt>jsseProvider</tt> </td><td colspan="1" rowspan="1" class="confluenceTd"> default JVM provider associated with protocol </td><td colspan="1" rowspan="1" class="confluenceTd"> </td><td colspan="1" rowspan="1" class="confluenceTd"> JSSE provider name. </td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"> <tt>keyManagers</tt> </td><td colspan="1" rowspan="1" class="confluenceTd"> JVM default Key Managers </td><td colspan="1" rowspan="1" class="confluenceTd"> </td><td colspan="1" rowspan="1" class="confluenceTd"> Key Managers to hold X509 certificates. </td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"> <tt>secureRandomParameters</tt> </td><td colspan="1" rowspan="1" class="confluenceTd"> JVM default Secure Random </td><td colspan="1" rowspan="1" class="confluenceTd"> </td><td colspan="1" rowspan="1" class="confluenceTd"> SecureRandom specification. </td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"> <tt>secureSocketPro
tocol</tt> </td><td colspan="1" rowspan="1" class="confluenceTd"> "TLS" </td><td colspan="1" rowspan="1" class="confluenceTd"> </td><td colspan="1" rowspan="1" class="confluenceTd"> Protocol Name. Most common example are "SSL", "TLS" or "TLSv1". </td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"> <tt>trustManagers</tt> </td><td colspan="1" rowspan="1" class="confluenceTd"> JVM default Trust Managers </td><td colspan="1" rowspan="1" class="confluenceTd"> </td><td colspan="1" rowspan="1" class="confluenceTd"> TrustManagers to validate peer X509 certificates. </td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"> <tt>useHttpsURLConnectionDefaultSslSocketFactory</tt> </td><td colspan="1" rowspan="1" class="confluenceTd"> <tt>false</tt> </td><td colspan="1" rowspan="1" class="confluenceTd"> 2.2.7 </td><td colspan="1" rowspan="1" class="confluenceTd"> specifies if <a shape="rect" class="external-link" href="http://java.sun.com/javase/6/docs/api/javax/net/ssl
/HttpsURLConnection.html#getDefaultSSLSocketFactory()" rel="nofollow">HttpsURLConnection.getDefaultSSLSocketFactory()</a> should be used to create https connections. If '<tt>true</tt>', '<tt>jsseProvider</tt>', '<tt>secureSocketProtocol</tt>', '<tt>trustManagers</tt>', '<tt>keyManagers</tt>', '<tt>secureRandom</tt>', '<tt>cipherSuites</tt>' and '<tt>cipherSuitesFilter</tt>' configuration parameters are ignored. </td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"> <tt>useHttpsURLConnectionDefaultHostnameVerifier</tt> </td><td colspan="1" rowspan="1" class="confluenceTd"> <tt>false</tt> </td><td colspan="1" rowspan="1" class="confluenceTd"> 2.2.7 </td><td colspan="1" rowspan="1" class="confluenceTd"> This attribute specifies if <a shape="rect" class="external-link" href="http://java.sun.com/javase/6/docs/api/javax/net/ssl/HttpsURLConnection.html#getDefaultHostnameVerifier()" rel="nofollow">HttpsURLConnection.getDefaultHostnameVerifier()</a> should be used to create https co
nnections. If '<tt>true</tt>', '<tt>disableCNCheck</tt>' configuration parameter is ignored. </td></tr></tbody></table>
+</div>
+
+
+
+<p>Note : <tt>disableCNcheck</tt> is a parameterized boolean, you can use a fixed variable <tt>true</tt>|<tt>false</tt> as well as a <a shape="rect" class="external-link" href="http://static.springsource.org/spring/docs/3.0.x/spring-framework-reference/html/beans.html#beans-factory-placeholderconfigurer" rel="nofollow">Spring externalized property</a> variable (e.g. <tt>${disable-https-hostname-verification</tt>}) or a <a shape="rect" class="external-link" href="http://static.springsource.org/spring/docs/3.0.x/spring-framework-reference/html/expressions.html#expressions-beandef" rel="nofollow">Spring expression</a> (e.g. <tt>#{systemProperties['dev-mode']</tt>}).</p>
+
+<p>Sample : </p>
+
+<div class="code panel" style="border-width: 1px;"><div class="codeHeader panelHeader" style="border-bottom-width: 1px;"><b>HTTP conduit configuration disabling HTTP URL hostname verification (usage of localhost, etc)</b></div><div class="codeContent panelContent">
+<script class="theme: Default; brush: xml; gutter: false" type="syntaxhighlighter"><![CDATA[
+ ...
+ <http-conf:conduit
+ name="{http://example.com/}HelloWorldServicePort.http-conduit">
+
+ <!-- deactivate HTTPS url hostname verification (localhost, etc) -->
+ <!-- WARNING ! disableCNcheck=true should NOT be used in production -->
+ <http-conf:tlsClientParameters disableCNcheck="true" />
+ ...
+ </http-conf:conduit>
+ ...
+]]></script>
+</div></div></div>
+ </div>
+ <!-- Content -->
+ </td>
+ </tr>
+ </table>
+ </td>
+ <td id="cell-2-2" colspan="2"> </td>
+ </tr>
+ <tr>
+ <td id="cell-3-0"> </td>
+ <td id="cell-3-1"> </td>
+ <td id="cell-3-2">
+ <div id="footer">
+ <!-- Footer -->
+ <div id="site-footer">
+ <a href="http://cxf.apache.org/privacy-policy.html">Privacy Policy</a> -
+ (<a href="https://cwiki.apache.org/confluence/pages/editpage.action?pageId=34014457">edit page</a>)
+ (<a href="https://cwiki.apache.org/confluence/pages/viewpage.action?pageId=34014457&showComments=true&showCommentArea=true#addcomment">add comment</a>)<br>
+ Apache CXF, CXF, Apache, the Apache feather logo are trademarks of The Apache Software Foundation.<br>
+ All other marks mentioned may be trademarks or registered trademarks of their respective owners.
+ </div>
+ <!-- Footer -->
+ </div>
+ </td>
+ <td id="cell-3-3"> </td>
+ <td id="cell-3-4"> </td>
+ </tr>
+ <tr>
+ <td id="cell-4-0" colspan="2"> </td>
+ <td id="cell-4-1"> </td>
+ <td id="cell-4-2" colspan="2"> </td>
+ </tr>
+</table>
+
+<script type="text/javascript">
+var gaJsHost = (("https:" == document.location.protocol) ? "https://ssl." : "http://www.");
+document.write(unescape("%3Cscript src='" + gaJsHost + "google-analytics.com/ga.js' type='text/javascript'%3E%3C/script%3E"));
+</script>
+<script type="text/javascript">
+try {
+var pageTracker = _gat._getTracker("UA-4458903-1");
+pageTracker._trackPageview();
+} catch(err) {}</script>
+
+</body>
+</html>
+