cxf-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From build...@apache.org
Subject svn commit: r874605 - in /websites/production/cxf/content: cache/docs.pageCache docs/tls-configuration.html
Date Wed, 14 Aug 2013 15:48:16 GMT
Author: buildbot
Date: Wed Aug 14 15:48:15 2013
New Revision: 874605

Log:
Production update by buildbot for cxf

Modified:
    websites/production/cxf/content/cache/docs.pageCache
    websites/production/cxf/content/docs/tls-configuration.html

Modified: websites/production/cxf/content/cache/docs.pageCache
==============================================================================
Binary files - no diff available.

Modified: websites/production/cxf/content/docs/tls-configuration.html
==============================================================================
--- websites/production/cxf/content/docs/tls-configuration.html (original)
+++ websites/production/cxf/content/docs/tls-configuration.html Wed Aug 14 15:48:15 2013
@@ -127,13 +127,26 @@ Apache CXF -- TLS Configuration
          <td height="100%">
            <!-- Content -->
            <div class="wiki-content">
-<div id="ConfluenceContent"><p>The TLSClientParameters are listed <a shape="rect"
class="external-link" href="https://svn.apache.org/repos/asf/cxf/trunk/api/src/main/java/org/apache/cxf/configuration/jsse/TLSParameterBase.java">here</a>
and <a shape="rect" class="external-link" href="https://svn.apache.org/repos/asf/cxf/trunk/api/src/main/java/org/apache/cxf/configuration/jsse/TLSClientParameters.java">here</a>.
 </p>
+<div id="ConfluenceContent"><div>
+<ul><li><a shape="rect" href="#TLSConfiguration-TLSParameterscommontobothClientsandServers">TLS
Parameters common to both Clients and Servers</a></li><li><a shape="rect"
href="#TLSConfiguration-ClientTLSParameters">Client TLS Parameters</a></li><li><a
shape="rect" href="#TLSConfiguration-ServerTLSParameters">Server TLS Parameters</a></li></ul></div>
+
+<h1><a shape="rect" name="TLSConfiguration-TLSParameterscommontobothClientsandServers"></a>TLS
Parameters common to both Clients and Servers</h1>
+
+<p>The TLS Parameters common to both Clients and Servers are given <a shape="rect"
class="external-link" href="https://svn.apache.org/repos/asf/cxf/trunk/core/src/main/java/org/apache/cxf/configuration/jsse/TLSParameterBase.java">here</a>:</p>
 
 <div class="table-wrap">
-<table class="confluenceTable"><tbody><tr><th colspan="1" rowspan="1"
class="confluenceTh"> Attribute </th><th colspan="1" rowspan="1" class="confluenceTh">
Default </th><th colspan="1" rowspan="1" class="confluenceTh"> Since </th><th
colspan="1" rowspan="1" class="confluenceTh"> Description </th></tr><tr><td
colspan="1" rowspan="1" class="confluenceTd"> <tt>certConstraints</tt> </td><td
colspan="1" rowspan="1" class="confluenceTd">&#160;</td><td colspan="1" rowspan="1"
class="confluenceTd">&#160;</td><td colspan="1" rowspan="1" class="confluenceTd">
Certificate Constraints specification. </td></tr><tr><td colspan="1"
rowspan="1" class="confluenceTd"> <tt>cipherSuites</tt> </td><td colspan="1"
rowspan="1" class="confluenceTd"> default sslContext cipher suites </td><td colspan="1"
rowspan="1" class="confluenceTd">&#160;</td><td colspan="1" rowspan="1" class="confluenceTd">
CipherSuites that will be supported. </td></tr><tr><td colspan="1" rowspan="1"
class="confluenceTd"> <tt>cipherS
 uitesFilter</tt> </td><td colspan="1" rowspan="1" class="confluenceTd">&#160;</td><td
colspan="1" rowspan="1" class="confluenceTd">&#160;</td><td colspan="1" rowspan="1"
class="confluenceTd"> filters of the supported CipherSuites that will be supported and
used if available. </td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd">
<tt>disableCNcheck</tt> </td><td colspan="1" rowspan="1" class="confluenceTd">
<tt>false</tt> </td><td colspan="1" rowspan="1" class="confluenceTd">
2.0.5 </td><td colspan="1" rowspan="1" class="confluenceTd"> Indicates whether
that the hostname given in the HTTPS URL will be checked against the service's Common Name
(CN) given in its certificate during SOAP client requests, and failing if there is a mismatch.
 If set to <tt>true</tt> (<b>not recommended for production use</b>),
such checks will be bypassed.  That will allow you, for example, to use a URL such as <tt>localhost</tt>
during development. </td></tr><tr><td colspan="1" rowspan="1" class=
 "confluenceTd"> <tt>jsseProvider</tt> </td><td colspan="1" rowspan="1"
class="confluenceTd"> default JVM provider associated with protocol </td><td colspan="1"
rowspan="1" class="confluenceTd">&#160;</td><td colspan="1" rowspan="1" class="confluenceTd">
JSSE provider name. </td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd">
<tt>keyManagers</tt> </td><td colspan="1" rowspan="1" class="confluenceTd">
JVM default Key Managers </td><td colspan="1" rowspan="1" class="confluenceTd">&#160;</td><td
colspan="1" rowspan="1" class="confluenceTd"> Key Managers to hold X509 certificates. </td></tr><tr><td
colspan="1" rowspan="1" class="confluenceTd"> <tt>secureRandomParameters</tt>
</td><td colspan="1" rowspan="1" class="confluenceTd"> JVM default Secure Random
</td><td colspan="1" rowspan="1" class="confluenceTd">&#160;</td><td
colspan="1" rowspan="1" class="confluenceTd"> SecureRandom specification. </td></tr><tr><td
colspan="1" rowspan="1" class="confluenceTd"> <tt>secureSocketPro
 tocol</tt> </td><td colspan="1" rowspan="1" class="confluenceTd"> "TLS"
</td><td colspan="1" rowspan="1" class="confluenceTd">&#160;</td><td
colspan="1" rowspan="1" class="confluenceTd"> Protocol Name. Most common example are "SSL",
"TLS" or "TLSv1". </td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd">
<tt>trustManagers</tt> </td><td colspan="1" rowspan="1" class="confluenceTd">
JVM default Trust Managers </td><td colspan="1" rowspan="1" class="confluenceTd">&#160;</td><td
colspan="1" rowspan="1" class="confluenceTd"> TrustManagers to validate peer X509 certificates.
</td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"> <tt>useHttpsURLConnectionDefaultSslSocketFactory</tt>
</td><td colspan="1" rowspan="1" class="confluenceTd"> <tt>false</tt>
</td><td colspan="1" rowspan="1" class="confluenceTd"> 2.2.7 </td><td
colspan="1" rowspan="1" class="confluenceTd"> specifies if <a shape="rect" class="external-link"
href="http://java.sun.com/javase/6/docs/api/javax/net/ssl
 /HttpsURLConnection.html#getDefaultSSLSocketFactory()" rel="nofollow">HttpsURLConnection.getDefaultSSLSocketFactory()</a>
should be used to create https connections. If '<tt>true</tt>', '<tt>jsseProvider</tt>',
'<tt>secureSocketProtocol</tt>', '<tt>trustManagers</tt>', '<tt>keyManagers</tt>',
'<tt>secureRandom</tt>', '<tt>cipherSuites</tt>' and '<tt>cipherSuitesFilter</tt>'
configuration parameters are ignored. </td></tr><tr><td colspan="1" rowspan="1"
class="confluenceTd"> <tt>useHttpsURLConnectionDefaultHostnameVerifier</tt>
</td><td colspan="1" rowspan="1" class="confluenceTd"> <tt>false</tt>
</td><td colspan="1" rowspan="1" class="confluenceTd"> 2.2.7 </td><td
colspan="1" rowspan="1" class="confluenceTd"> This attribute specifies if <a shape="rect"
class="external-link" href="http://java.sun.com/javase/6/docs/api/javax/net/ssl/HttpsURLConnection.html#getDefaultHostnameVerifier()"
rel="nofollow">HttpsURLConnection.getDefaultHostnameVerifier()</a> should be used
to create https co
 nnections. If '<tt>true</tt>', '<tt>disableCNCheck</tt>' configuration
parameter is ignored. </td></tr></tbody></table>
+<table class="confluenceTable"><tbody><tr><th colspan="1" rowspan="1"
class="confluenceTh"> Attribute </th><th colspan="1" rowspan="1" class="confluenceTh">
Default </th><th colspan="1" rowspan="1" class="confluenceTh"> Description </th></tr><tr><td
colspan="1" rowspan="1" class="confluenceTd"> <tt>keyManagers</tt> </td><td
colspan="1" rowspan="1" class="confluenceTd"> JVM default Key Managers </td><td
colspan="1" rowspan="1" class="confluenceTd"> Key Managers to hold X509 certificates. </td></tr><tr><td
colspan="1" rowspan="1" class="confluenceTd"> <tt>trustManagers</tt> </td><td
colspan="1" rowspan="1" class="confluenceTd"> JVM default Trust Managers </td><td
colspan="1" rowspan="1" class="confluenceTd"> TrustManagers to validate peer X509 certificates.
</td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"> <tt>jsseProvider</tt>
</td><td colspan="1" rowspan="1" class="confluenceTd"> JVM default provider associated
with protocol </td><td colspan="1" rowspan="1" class="conf
 luenceTd"> JSSE provider name. </td></tr><tr><td colspan="1" rowspan="1"
class="confluenceTd"> <tt>cipherSuites</tt> </td><td colspan="1" rowspan="1"
class="confluenceTd"> JVM default cipher suites </td><td colspan="1" rowspan="1"
class="confluenceTd"> CipherSuites that will be supported. </td></tr><tr><td
colspan="1" rowspan="1" class="confluenceTd"> <tt>cipherSuitesFilter</tt> </td><td
colspan="1" rowspan="1" class="confluenceTd">&#160;</td><td colspan="1" rowspan="1"
class="confluenceTd"> filters of the supported CipherSuites that will be supported and
used if available. </td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd">
<tt>certConstraints</tt> </td><td colspan="1" rowspan="1" class="confluenceTd">&#160;</td><td
colspan="1" rowspan="1" class="confluenceTd"> Certificate Constraints specification. </td></tr><tr><td
colspan="1" rowspan="1" class="confluenceTd"> <tt>secureRandom</tt> </td><td
colspan="1" rowspan="1" class="confluenceTd"> JVM default Secure Random </td><
 td colspan="1" rowspan="1" class="confluenceTd"> SecureRandom specification. </td></tr><tr><td
colspan="1" rowspan="1" class="confluenceTd"> <tt>secureSocketProtocol</tt>
</td><td colspan="1" rowspan="1" class="confluenceTd"> "TLS" </td><td
colspan="1" rowspan="1" class="confluenceTd"> Protocol Name. Most common example are "SSL",
"TLS" or "TLSv1". </td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd">
<tt>certAlias</tt> </td><td colspan="1" rowspan="1" class="confluenceTd">&#160;</td><td
colspan="1" rowspan="1" class="confluenceTd"> Cert alias to use. Useful when keystore has
multiple certs. </td></tr></tbody></table>
 </div>
 
 
+<h1><a shape="rect" name="TLSConfiguration-ClientTLSParameters"></a>Client
TLS Parameters</h1>
+
+<p>In addition to the TLS Parameters common to both Clients and Servers, there are
some parameters that are <a shape="rect" class="external-link" href="https://svn.apache.org/repos/asf/cxf/trunk/core/src/main/java/org/apache/cxf/configuration/jsse/TLSClientParameters.java">specific</a>
to Clients:</p>
+
+<div class="table-wrap">
+<table class="confluenceTable"><tbody><tr><th colspan="1" rowspan="1"
class="confluenceTh"> Attribute </th><th colspan="1" rowspan="1" class="confluenceTh">
Default </th><th colspan="1" rowspan="1" class="confluenceTh"> Description </th></tr><tr><td
colspan="1" rowspan="1" class="confluenceTd"> <tt>disableCNcheck</tt> </td><td
colspan="1" rowspan="1" class="confluenceTd"> <tt>false</tt> </td><td
colspan="1" rowspan="1" class="confluenceTd"> Indicates whether that the hostname given
in the HTTPS URL will be checked against the service's Common Name (CN) given in its certificate
during requests, and failing if there is a mismatch.  If set to <tt>true</tt>
(<b>not recommended for production use</b>), such checks will be bypassed.  That
will allow you, for example, to use a URL such as <tt>localhost</tt> during development.
</td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"> <tt>sslSocketFactory</tt>
</td><td colspan="1" rowspan="1" class="confluenceTd">&#160;</td><td
colspa
 n="1" rowspan="1" class="confluenceTd"> A SSLSocketFactory to use. All other bean properties
are ignored if this is set. </td></tr><tr><td colspan="1" rowspan="1"
class="confluenceTd"> <tt>sslCacheTimeout</tt> </td><td colspan="1"
rowspan="1" class="confluenceTd"> 86400 seconds (24 hours) </td><td colspan="1"
rowspan="1" class="confluenceTd"> SSL Cache Timeout in seconds. </td></tr><tr><td
colspan="1" rowspan="1" class="confluenceTd"> <tt>useHttpsURLConnectionDefaultSslSocketFactory</tt>
</td><td colspan="1" rowspan="1" class="confluenceTd"> <tt>false</tt>
</td><td colspan="1" rowspan="1" class="confluenceTd"> This attribute specifies
if <a shape="rect" class="external-link" href="http://java.sun.com/javase/6/docs/api/javax/net/ssl/HttpsURLConnection.html#getDefaultSSLSocketFactory()"
rel="nofollow">HttpsURLConnection.getDefaultSSLSocketFactory()</a> should be used
to create https connections. If '<tt>true</tt>', '<tt>jsseProvider</tt>',
'<tt>secureSocketProtocol</tt>', '<tt>trustMa
 nagers</tt>', '<tt>keyManagers</tt>', '<tt>secureRandom</tt>',
'<tt>cipherSuites</tt>' and '<tt>cipherSuitesFilter</tt>' configuration
parameters are ignored. </td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd">
<tt>useHttpsURLConnectionDefaultHostnameVerifier</tt> </td><td colspan="1"
rowspan="1" class="confluenceTd"> <tt>false</tt> </td><td colspan="1"
rowspan="1" class="confluenceTd"> This attribute specifies if <a shape="rect" class="external-link"
href="http://java.sun.com/javase/6/docs/api/javax/net/ssl/HttpsURLConnection.html#getDefaultHostnameVerifier()"
rel="nofollow">HttpsURLConnection.getDefaultHostnameVerifier()</a> should be used
to create https connections. If '<tt>true</tt>', '<tt>disableCNCheck</tt>'
configuration parameter is ignored. </td></tr></tbody></table>
+</div>
+
 
 <p>Note :  <tt>disableCNcheck</tt> is a parameterized boolean, you can
use a fixed variable <tt>true</tt>|<tt>false</tt> as well as a <a
shape="rect" class="external-link" href="http://static.springsource.org/spring/docs/3.0.x/spring-framework-reference/html/beans.html#beans-factory-placeholderconfigurer"
rel="nofollow">Spring externalized property</a> variable (e.g. <tt>${disable-https-hostname-verification</tt>})
or a <a shape="rect" class="external-link" href="http://static.springsource.org/spring/docs/3.0.x/spring-framework-reference/html/expressions.html#expressions-beandef"
rel="nofollow">Spring expression</a> (e.g. <tt>#{systemProperties['dev-mode']</tt>}).</p>
 
@@ -152,7 +165,17 @@ Apache CXF -- TLS Configuration
  &lt;/http-conf:conduit&gt;
  ...
 ]]></script>
-</div></div></div>
+</div></div>
+
+<h1><a shape="rect" name="TLSConfiguration-ServerTLSParameters"></a>Server
TLS Parameters</h1>
+
+<p>In addition to the TLS Parameters common to both Clients and Servers, there are
some parameters that are <a shape="rect" class="external-link" href="https://svn.apache.org/repos/asf/cxf/trunk/core/src/main/java/org/apache/cxf/configuration/jsse/TLSServerParameters.java">specific</a>
to Servers:</p>
+
+<div class="table-wrap">
+<table class="confluenceTable"><tbody><tr><th colspan="1" rowspan="1"
class="confluenceTh"> Attribute </th><th colspan="1" rowspan="1" class="confluenceTh">
Default </th><th colspan="1" rowspan="1" class="confluenceTh"> Description </th></tr><tr><td
colspan="1" rowspan="1" class="confluenceTd"> <tt>clientAuthentication</tt>
</td><td colspan="1" rowspan="1" class="confluenceTd"> Not "wanted" or "required"
</td><td colspan="1" rowspan="1" class="confluenceTd"> Allows you to configure
whether client authentication is "wanted" and/or "required. </td></tr></tbody></table>
+</div>
+
+</div>
            </div>
            <!-- Content -->
          </td>



Mime
View raw message