You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@cxf.apache.org by bu...@apache.org on 2014/12/09 18:46:50 UTC
svn commit: r932006 - in /websites/production/cxf/content:
cache/docs.pageCache docs/tls-configuration.html
Author: buildbot
Date: Tue Dec 9 17:46:49 2014
New Revision: 932006
Log:
Production update by buildbot for cxf
Modified:
websites/production/cxf/content/cache/docs.pageCache
websites/production/cxf/content/docs/tls-configuration.html
Modified: websites/production/cxf/content/cache/docs.pageCache
==============================================================================
Binary files - no diff available.
Modified: websites/production/cxf/content/docs/tls-configuration.html
==============================================================================
--- websites/production/cxf/content/docs/tls-configuration.html (original)
+++ websites/production/cxf/content/docs/tls-configuration.html Tue Dec 9 17:46:49 2014
@@ -117,11 +117,11 @@ Apache CXF -- TLS Configuration
<!-- Content -->
<div class="wiki-content">
<div id="ConfluenceContent"><p><style type="text/css">/*<![CDATA[*/
-div.rbtoc1415209606058 {padding: 0px;}
-div.rbtoc1415209606058 ul {list-style: disc;margin-left: 0px;}
-div.rbtoc1415209606058 li {margin-left: 0px;padding-left: 0px;}
+div.rbtoc1418147187626 {padding: 0px;}
+div.rbtoc1418147187626 ul {list-style: disc;margin-left: 0px;}
+div.rbtoc1418147187626 li {margin-left: 0px;padding-left: 0px;}
-/*]]>*/</style></p><div class="toc-macro rbtoc1415209606058">
+/*]]>*/</style></p><div class="toc-macro rbtoc1418147187626">
<ul class="toc-indentation"><li><a shape="rect" href="#TLSConfiguration-TLSParameterscommontobothClientsandServers">TLS Parameters common to both Clients and Servers</a>
<ul class="toc-indentation"><li><a shape="rect" href="#TLSConfiguration-KeyManagers">Key Managers</a></li><li><a shape="rect" href="#TLSConfiguration-TrustManagers">Trust Managers</a></li><li><a shape="rect" href="#TLSConfiguration-CipherSuitesFilter">CipherSuites Filter</a></li><li><a shape="rect" href="#TLSConfiguration-CertConstraints">Cert Constraints</a></li></ul>
</li><li><a shape="rect" href="#TLSConfiguration-ClientTLSParameters">Client TLS Parameters</a>
@@ -175,7 +175,7 @@ div.rbtoc1415209606058 li {margin-left:
...
</httpj:tlsServerParameters>
]]></script>
-</div></div><h1 id="TLSConfiguration-ClientTLSParameters">Client TLS Parameters</h1><p>In addition to the TLS Parameters common to both Clients and Servers, there are some parameters that are <a shape="rect" class="external-link" href="https://svn.apache.org/repos/asf/cxf/trunk/core/src/main/java/org/apache/cxf/configuration/jsse/TLSClientParameters.java">specific</a> to Clients:</p><div class="table-wrap"><table class="confluenceTable"><tbody><tr><th colspan="1" rowspan="1" class="confluenceTh"><p>Attribute</p></th><th colspan="1" rowspan="1" class="confluenceTh"><p>Default</p></th><th colspan="1" rowspan="1" class="confluenceTh"><p>Description</p></th></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"><p><code>disableCNCheck</code></p></td><td colspan="1" rowspan="1" class="confluenceTd"><p><code>false</code></p></td><td colspan="1" rowspan="1" class="confluenceTd"><p>Indicates whether that the hostname given in the HTTPS URL will be checked against the service's Common Nam
e (CN) given in its certificate during requests, and failing if there is a mismatch. If set to <code>true</code> (<strong>not recommended for production use</strong>), such checks will be bypassed. That will allow you, for example, to use a URL such as <code>localhost</code> during development.</p></td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"><p><code>sslSocketFactory</code></p></td><td colspan="1" rowspan="1" class="confluenceTd"><p> </p></td><td colspan="1" rowspan="1" class="confluenceTd"><p>A SSLSocketFactory to use. All other bean properties are ignored if this is set.</p></td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"><p><code>sslCacheTimeout</code></p></td><td colspan="1" rowspan="1" class="confluenceTd"><p>86400 seconds (24 hours)</p></td><td colspan="1" rowspan="1" class="confluenceTd"><p>SSL Cache Timeout in seconds.</p></td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"><p><code>useHttpsURLConnectionDefaultSslSocketFactory</
code></p></td><td colspan="1" rowspan="1" class="confluenceTd"><p><code>false</code></p></td><td colspan="1" rowspan="1" class="confluenceTd"><p>This attribute specifies if <a shape="rect" class="external-link" href="http://java.sun.com/javase/6/docs/api/javax/net/ssl/HttpsURLConnection.html#getDefaultSSLSocketFactory()" rel="nofollow">HttpsURLConnection.getDefaultSSLSocketFactory()</a> should be used to create https connections. If '<code>true</code>', '<code>jsseProvider</code>', '<code>secureSocketProtocol</code>', '<code>trustManagers</code>', '<code>keyManagers</code>', '<code>secureRandom</code>', '<code>cipherSuites</code>' and '<code>cipherSuitesFilter</code>' configuration parameters are ignored.</p></td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"><p><code>useHttpsURLConnectionDefaultHostnameVerifier</code></p></td><td colspan="1" rowspan="1" class="confluenceTd"><p><code>false</code></p></td><td colspan="1" rowspan="1" class="confluenceTd"><p>This attribute s
pecifies if <a shape="rect" class="external-link" href="http://java.sun.com/javase/6/docs/api/javax/net/ssl/HttpsURLConnection.html#getDefaultHostnameVerifier()" rel="nofollow">HttpsURLConnection.getDefaultHostnameVerifier()</a> should be used to create https connections. If '<code>true</code>', '<code>disableCNCheck</code>' configuration parameter is ignored.</p></td></tr></tbody></table></div><h2 id="TLSConfiguration-DisableCNCheck">Disable CN Check</h2><p><code>disableCNCheck</code> is a parameterized boolean, you can use a fixed variable <code>true</code>|<code>false</code> as well as a <a shape="rect" class="external-link" href="http://static.springsource.org/spring/docs/3.0.x/spring-framework-reference/html/beans.html#beans-factory-placeholderconfigurer" rel="nofollow">Spring externalized property</a> variable (e.g. <code>${disable-https-hostname-verification</code>}) or a <a shape="rect" class="external-link" href="http://static.springsource.org/spring/docs/3.0.x/spring-frame
work-reference/html/expressions.html#expressions-beandef" rel="nofollow">Spring expression</a> (e.g. <code>#{systemProperties['dev-mode']</code>}).</p><div class="code panel pdl" style="border-width: 1px;"><div class="codeHeader panelHeader pdl" style="border-bottom-width: 1px;"><b>HTTP conduit configuration disabling HTTP URL hostname verification (usage of localhost, etc)</b></div><div class="codeContent panelContent pdl">
+</div></div><h1 id="TLSConfiguration-ClientTLSParameters">Client TLS Parameters</h1><p>In addition to the TLS Parameters common to both Clients and Servers, there are some parameters that are <a shape="rect" class="external-link" href="https://svn.apache.org/repos/asf/cxf/trunk/core/src/main/java/org/apache/cxf/configuration/jsse/TLSClientParameters.java">specific</a> to Clients:</p><div class="table-wrap"><table class="confluenceTable"><tbody><tr><th colspan="1" rowspan="1" class="confluenceTh"><p>Attribute</p></th><th colspan="1" rowspan="1" class="confluenceTh"><p>Default</p></th><th colspan="1" rowspan="1" class="confluenceTh"><p>Description</p></th></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"><p><code>disableCNCheck</code></p></td><td colspan="1" rowspan="1" class="confluenceTd"><p><code>false</code></p></td><td colspan="1" rowspan="1" class="confluenceTd"><p>Indicates whether that the hostname given in the HTTPS URL will be checked against the service's Common Nam
e (CN) given in its certificate during requests, and failing if there is a mismatch. If set to <code>true</code> (<strong>not recommended for production use</strong>), such checks will be bypassed. That will allow you, for example, to use a URL such as <code>localhost</code> during development.</p></td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"><p><code>sslSocketFactory</code></p></td><td colspan="1" rowspan="1" class="confluenceTd"><p> </p></td><td colspan="1" rowspan="1" class="confluenceTd"><p>A SSLSocketFactory to use. All other bean properties are ignored if this is set.</p></td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"><p><code>sslCacheTimeout</code></p></td><td colspan="1" rowspan="1" class="confluenceTd"><p>86400 seconds (24 hours)</p></td><td colspan="1" rowspan="1" class="confluenceTd"><p>SSL Cache Timeout in seconds.</p></td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"><p><code>useHttpsURLConnectionDefaultSslSocketFactory</
code></p></td><td colspan="1" rowspan="1" class="confluenceTd"><p><code>false</code></p></td><td colspan="1" rowspan="1" class="confluenceTd"><p>This attribute specifies if <a shape="rect" class="external-link" href="http://java.sun.com/javase/6/docs/api/javax/net/ssl/HttpsURLConnection.html#getDefaultSSLSocketFactory()" rel="nofollow">HttpsURLConnection.getDefaultSSLSocketFactory()</a> should be used to create https connections. If '<code>true</code>', '<code>jsseProvider</code>', '<code>secureSocketProtocol</code>', '<code>trustManagers</code>', '<code>keyManagers</code>', '<code>secureRandom</code>', '<code>cipherSuites</code>' and '<code>cipherSuitesFilter</code>' configuration parameters are ignored.</p></td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"><p><code>useHttpsURLConnectionDefaultHostnameVerifier</code></p></td><td colspan="1" rowspan="1" class="confluenceTd"><p><code>false</code></p></td><td colspan="1" rowspan="1" class="confluenceTd"><p>This attribute s
pecifies if <a shape="rect" class="external-link" href="http://java.sun.com/javase/6/docs/api/javax/net/ssl/HttpsURLConnection.html#getDefaultHostnameVerifier()" rel="nofollow">HttpsURLConnection.getDefaultHostnameVerifier()</a> should be used to create https connections. If '<code>true</code>', '<code>disableCNCheck</code>' configuration parameter is ignored.</p></td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd">hostnameVerifier</td><td colspan="1" rowspan="1" class="confluenceTd"> </td><td colspan="1" rowspan="1" class="confluenceTd">A custom HostnameVerifier instance to use</td></tr></tbody></table></div><h2 id="TLSConfiguration-DisableCNCheck">Disable CN Check</h2><p><code>disableCNCheck</code> is a parameterized boolean, you can use a fixed variable <code>true</code>|<code>false</code> as well as a <a shape="rect" class="external-link" href="http://static.springsource.org/spring/docs/3.0.x/spring-framework-reference/html/beans.html#beans-factory-placeholderconf
igurer" rel="nofollow">Spring externalized property</a> variable (e.g. <code>${disable-https-hostname-verification</code>}) or a <a shape="rect" class="external-link" href="http://static.springsource.org/spring/docs/3.0.x/spring-framework-reference/html/expressions.html#expressions-beandef" rel="nofollow">Spring expression</a> (e.g. <code>#{systemProperties['dev-mode']</code>}).</p><div class="code panel pdl" style="border-width: 1px;"><div class="codeHeader panelHeader pdl" style="border-bottom-width: 1px;"><b>HTTP conduit configuration disabling HTTP URL hostname verification (usage of localhost, etc)</b></div><div class="codeContent panelContent pdl">
<script class="theme: Default; brush: xml; gutter: false" type="syntaxhighlighter"><![CDATA[ <!-- deactivate HTTPS url hostname verification (localhost, etc) -->
<!-- WARNING ! disableCNcheck=true should NOT be used in production -->
<http-conf:tlsClientParameters disableCNCheck="true" />