You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@cxf.apache.org by Glen Mazza <gl...@gmail.com> on 2010/08/17 15:59:54 UTC
How service-side HTTPS cipher suite filters are defined
Hello, I'd like to confirm something:
The CXF documentation shows where cipher suite filters can be defined on the
client-side:
http://cxf.apache.org/docs/client-http-transport-including-ssl-support.html
However, for service-side, you apparently need to configure the underlying
servlet container and not the web service itself, for example here with
Jetty:
https://cwiki.apache.org/confluence/display/CXF20DOC/Standalone+HTTP+Transport
http://fusesource.com/docs/framework/2.2/security/i343422.html
And Tomcat has a "ciphers" element that will apparently do the same thing:
http://tomcat.apache.org/tomcat-6.0-doc/config/http.html.
So there is no web-service level configuration of cipher suite filters, but
just that of the servlet container (or Endpoint implementation) hosting the
web service, correct?
Thanks,
Glen
--
View this message in context: http://cxf.547215.n5.nabble.com/How-service-side-HTTPS-cipher-suite-filters-are-defined-tp2638182p2638182.html
Sent from the cxf-user mailing list archive at Nabble.com.
Re: How service-side HTTPS cipher suite filters are defined
Posted by Daniel Kulp <dk...@apache.org>.
On Tuesday 17 August 2010 9:59:54 am Glen Mazza wrote:
> Hello, I'd like to confirm something:
>
> The CXF documentation shows where cipher suite filters can be defined on
> the client-side:
> http://cxf.apache.org/docs/client-http-transport-including-ssl-support.html
>
> However, for service-side, you apparently need to configure the underlying
> servlet container and not the web service itself, for example here with
> Jetty:
> https://cwiki.apache.org/confluence/display/CXF20DOC/Standalone+HTTP+Transp
> ort http://fusesource.com/docs/framework/2.2/security/i343422.html
>
> And Tomcat has a "ciphers" element that will apparently do the same thing:
> http://tomcat.apache.org/tomcat-6.0-doc/config/http.html.
>
> So there is no web-service level configuration of cipher suite filters, but
> just that of the servlet container (or Endpoint implementation) hosting the
> web service, correct?
That's correct. For the most part, the ciphers and such are part of the
socket level negotiation of SSL/TLS. Thus, it occurs long before CXF really
has any say in anything. That's why it needs to be configured on the
container or jetty directly.
--
Daniel Kulp
dkulp@apache.org
http://dankulp.com/blog