cxf-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From build...@apache.org
Subject svn commit: r874614 - in /websites/production/cxf/content: cache/docs.pageCache docs/tls-configuration.html
Date Wed, 14 Aug 2013 16:48:14 GMT
Author: buildbot
Date: Wed Aug 14 16:48:14 2013
New Revision: 874614

Log:
Production update by buildbot for cxf

Modified:
    websites/production/cxf/content/cache/docs.pageCache
    websites/production/cxf/content/docs/tls-configuration.html

Modified: websites/production/cxf/content/cache/docs.pageCache
==============================================================================
Binary files - no diff available.

Modified: websites/production/cxf/content/docs/tls-configuration.html
==============================================================================
--- websites/production/cxf/content/docs/tls-configuration.html (original)
+++ websites/production/cxf/content/docs/tls-configuration.html Wed Aug 14 16:48:14 2013
@@ -135,7 +135,7 @@ Apache CXF -- TLS Configuration
 <p>The TLS Parameters common to both Clients and Servers are given <a shape="rect"
class="external-link" href="https://svn.apache.org/repos/asf/cxf/trunk/core/src/main/java/org/apache/cxf/configuration/jsse/TLSParameterBase.java">here</a>:</p>
 
 <div class="table-wrap">
-<table class="confluenceTable"><tbody><tr><th colspan="1" rowspan="1"
class="confluenceTh"> Attribute </th><th colspan="1" rowspan="1" class="confluenceTh">
Default </th><th colspan="1" rowspan="1" class="confluenceTh"> Description </th></tr><tr><td
colspan="1" rowspan="1" class="confluenceTd"> <tt>keyManagers</tt> </td><td
colspan="1" rowspan="1" class="confluenceTd"> JVM default Key Managers </td><td
colspan="1" rowspan="1" class="confluenceTd"> Key Managers to hold X509 certificates. </td></tr><tr><td
colspan="1" rowspan="1" class="confluenceTd"> <tt>trustManagers</tt> </td><td
colspan="1" rowspan="1" class="confluenceTd"> JVM default Trust Managers </td><td
colspan="1" rowspan="1" class="confluenceTd"> TrustManagers to validate peer X509 certificates.
</td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"> <tt>jsseProvider</tt>
</td><td colspan="1" rowspan="1" class="confluenceTd"> JVM default provider associated
with protocol </td><td colspan="1" rowspan="1" class="conf
 luenceTd"> JSSE provider name. </td></tr><tr><td colspan="1" rowspan="1"
class="confluenceTd"> <tt>cipherSuites</tt> </td><td colspan="1" rowspan="1"
class="confluenceTd"> JVM default cipher suites </td><td colspan="1" rowspan="1"
class="confluenceTd"> CipherSuites that will be supported. </td></tr><tr><td
colspan="1" rowspan="1" class="confluenceTd"> <tt>cipherSuitesFilter</tt> </td><td
colspan="1" rowspan="1" class="confluenceTd">&#160;</td><td colspan="1" rowspan="1"
class="confluenceTd"> filters of the supported CipherSuites that will be supported and
used if available. </td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd">
<tt>certConstraints</tt> </td><td colspan="1" rowspan="1" class="confluenceTd">&#160;</td><td
colspan="1" rowspan="1" class="confluenceTd"> Certificate Constraints specification. </td></tr><tr><td
colspan="1" rowspan="1" class="confluenceTd"> <tt>secureRandom</tt> </td><td
colspan="1" rowspan="1" class="confluenceTd"> JVM default Secure Random </td><
 td colspan="1" rowspan="1" class="confluenceTd"> SecureRandom specification. </td></tr><tr><td
colspan="1" rowspan="1" class="confluenceTd"> <tt>secureSocketProtocol</tt>
</td><td colspan="1" rowspan="1" class="confluenceTd"> "TLS" </td><td
colspan="1" rowspan="1" class="confluenceTd"> Protocol Name. Most common example are "SSL",
"TLS" or "TLSv1". </td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd">
<tt>certAlias</tt> </td><td colspan="1" rowspan="1" class="confluenceTd">&#160;</td><td
colspan="1" rowspan="1" class="confluenceTd"> Cert alias to use. Useful when keystore has
multiple certs. </td></tr></tbody></table>
+<table class="confluenceTable"><tbody><tr><th colspan="1" rowspan="1"
class="confluenceTh"> Attribute </th><th colspan="1" rowspan="1" class="confluenceTh">
Default </th><th colspan="1" rowspan="1" class="confluenceTh"> Description </th></tr><tr><td
colspan="1" rowspan="1" class="confluenceTd"> <tt>keyManagers</tt> </td><td
colspan="1" rowspan="1" class="confluenceTd"> JVM default Key Managers </td><td
colspan="1" rowspan="1" class="confluenceTd"> Key Managers to hold X509 certificates. </td></tr><tr><td
colspan="1" rowspan="1" class="confluenceTd"> <tt>trustManagers</tt> </td><td
colspan="1" rowspan="1" class="confluenceTd"> JVM default Trust Managers </td><td
colspan="1" rowspan="1" class="confluenceTd"> TrustManagers to validate peer X509 certificates.
</td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"> <tt>jsseProvider</tt>
</td><td colspan="1" rowspan="1" class="confluenceTd"> JVM default provider associated
with protocol </td><td colspan="1" rowspan="1" class="conf
 luenceTd"> JSSE provider name. </td></tr><tr><td colspan="1" rowspan="1"
class="confluenceTd"> <tt>cipherSuites</tt> </td><td colspan="1" rowspan="1"
class="confluenceTd"> JVM default cipher suites </td><td colspan="1" rowspan="1"
class="confluenceTd"> CipherSuites that will be supported. </td></tr><tr><td
colspan="1" rowspan="1" class="confluenceTd"> <tt>cipherSuitesFilter</tt> </td><td
colspan="1" rowspan="1" class="confluenceTd">&#160;</td><td colspan="1" rowspan="1"
class="confluenceTd"> filters of the supported CipherSuites that will be supported and
used if available. </td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd">
<tt>certConstraints</tt> </td><td colspan="1" rowspan="1" class="confluenceTd">&#160;</td><td
colspan="1" rowspan="1" class="confluenceTd"> Certificate Constraints specification. </td></tr><tr><td
colspan="1" rowspan="1" class="confluenceTd"> <tt>secureRandomParameters</tt>
</td><td colspan="1" rowspan="1" class="confluenceTd"> JVM default Secure Ran
 dom </td><td colspan="1" rowspan="1" class="confluenceTd"> SecureRandom specification.
</td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"> <tt>secureSocketProtocol</tt>
</td><td colspan="1" rowspan="1" class="confluenceTd"> "TLS" </td><td
colspan="1" rowspan="1" class="confluenceTd"> Protocol Name. Most common example are "SSL",
"TLS" or "TLSv1". </td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd">
<tt>certAlias</tt> </td><td colspan="1" rowspan="1" class="confluenceTd">&#160;</td><td
colspan="1" rowspan="1" class="confluenceTd"> Cert alias to use. Useful when keystore has
multiple certs. </td></tr></tbody></table>
 </div>
 
 
@@ -144,11 +144,11 @@ Apache CXF -- TLS Configuration
 <p>In addition to the TLS Parameters common to both Clients and Servers, there are
some parameters that are <a shape="rect" class="external-link" href="https://svn.apache.org/repos/asf/cxf/trunk/core/src/main/java/org/apache/cxf/configuration/jsse/TLSClientParameters.java">specific</a>
to Clients:</p>
 
 <div class="table-wrap">
-<table class="confluenceTable"><tbody><tr><th colspan="1" rowspan="1"
class="confluenceTh"> Attribute </th><th colspan="1" rowspan="1" class="confluenceTh">
Default </th><th colspan="1" rowspan="1" class="confluenceTh"> Description </th></tr><tr><td
colspan="1" rowspan="1" class="confluenceTd"> <tt>disableCNcheck</tt> </td><td
colspan="1" rowspan="1" class="confluenceTd"> <tt>false</tt> </td><td
colspan="1" rowspan="1" class="confluenceTd"> Indicates whether that the hostname given
in the HTTPS URL will be checked against the service's Common Name (CN) given in its certificate
during requests, and failing if there is a mismatch.  If set to <tt>true</tt>
(<b>not recommended for production use</b>), such checks will be bypassed.  That
will allow you, for example, to use a URL such as <tt>localhost</tt> during development.
</td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"> <tt>sslSocketFactory</tt>
</td><td colspan="1" rowspan="1" class="confluenceTd">&#160;</td><td
colspa
 n="1" rowspan="1" class="confluenceTd"> A SSLSocketFactory to use. All other bean properties
are ignored if this is set. </td></tr><tr><td colspan="1" rowspan="1"
class="confluenceTd"> <tt>sslCacheTimeout</tt> </td><td colspan="1"
rowspan="1" class="confluenceTd"> 86400 seconds (24 hours) </td><td colspan="1"
rowspan="1" class="confluenceTd"> SSL Cache Timeout in seconds. </td></tr><tr><td
colspan="1" rowspan="1" class="confluenceTd"> <tt>useHttpsURLConnectionDefaultSslSocketFactory</tt>
</td><td colspan="1" rowspan="1" class="confluenceTd"> <tt>false</tt>
</td><td colspan="1" rowspan="1" class="confluenceTd"> This attribute specifies
if <a shape="rect" class="external-link" href="http://java.sun.com/javase/6/docs/api/javax/net/ssl/HttpsURLConnection.html#getDefaultSSLSocketFactory()"
rel="nofollow">HttpsURLConnection.getDefaultSSLSocketFactory()</a> should be used
to create https connections. If '<tt>true</tt>', '<tt>jsseProvider</tt>',
'<tt>secureSocketProtocol</tt>', '<tt>trustMa
 nagers</tt>', '<tt>keyManagers</tt>', '<tt>secureRandom</tt>',
'<tt>cipherSuites</tt>' and '<tt>cipherSuitesFilter</tt>' configuration
parameters are ignored. </td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd">
<tt>useHttpsURLConnectionDefaultHostnameVerifier</tt> </td><td colspan="1"
rowspan="1" class="confluenceTd"> <tt>false</tt> </td><td colspan="1"
rowspan="1" class="confluenceTd"> This attribute specifies if <a shape="rect" class="external-link"
href="http://java.sun.com/javase/6/docs/api/javax/net/ssl/HttpsURLConnection.html#getDefaultHostnameVerifier()"
rel="nofollow">HttpsURLConnection.getDefaultHostnameVerifier()</a> should be used
to create https connections. If '<tt>true</tt>', '<tt>disableCNCheck</tt>'
configuration parameter is ignored. </td></tr></tbody></table>
+<table class="confluenceTable"><tbody><tr><th colspan="1" rowspan="1"
class="confluenceTh"> Attribute </th><th colspan="1" rowspan="1" class="confluenceTh">
Default </th><th colspan="1" rowspan="1" class="confluenceTh"> Description </th></tr><tr><td
colspan="1" rowspan="1" class="confluenceTd"> <tt>disableCNCheck</tt> </td><td
colspan="1" rowspan="1" class="confluenceTd"> <tt>false</tt> </td><td
colspan="1" rowspan="1" class="confluenceTd"> Indicates whether that the hostname given
in the HTTPS URL will be checked against the service's Common Name (CN) given in its certificate
during requests, and failing if there is a mismatch.  If set to <tt>true</tt>
(<b>not recommended for production use</b>), such checks will be bypassed.  That
will allow you, for example, to use a URL such as <tt>localhost</tt> during development.
</td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"> <tt>sslSocketFactory</tt>
</td><td colspan="1" rowspan="1" class="confluenceTd">&#160;</td><td
colspa
 n="1" rowspan="1" class="confluenceTd"> A SSLSocketFactory to use. All other bean properties
are ignored if this is set. </td></tr><tr><td colspan="1" rowspan="1"
class="confluenceTd"> <tt>sslCacheTimeout</tt> </td><td colspan="1"
rowspan="1" class="confluenceTd"> 86400 seconds (24 hours) </td><td colspan="1"
rowspan="1" class="confluenceTd"> SSL Cache Timeout in seconds. </td></tr><tr><td
colspan="1" rowspan="1" class="confluenceTd"> <tt>useHttpsURLConnectionDefaultSslSocketFactory</tt>
</td><td colspan="1" rowspan="1" class="confluenceTd"> <tt>false</tt>
</td><td colspan="1" rowspan="1" class="confluenceTd"> This attribute specifies
if <a shape="rect" class="external-link" href="http://java.sun.com/javase/6/docs/api/javax/net/ssl/HttpsURLConnection.html#getDefaultSSLSocketFactory()"
rel="nofollow">HttpsURLConnection.getDefaultSSLSocketFactory()</a> should be used
to create https connections. If '<tt>true</tt>', '<tt>jsseProvider</tt>',
'<tt>secureSocketProtocol</tt>', '<tt>trustMa
 nagers</tt>', '<tt>keyManagers</tt>', '<tt>secureRandom</tt>',
'<tt>cipherSuites</tt>' and '<tt>cipherSuitesFilter</tt>' configuration
parameters are ignored. </td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd">
<tt>useHttpsURLConnectionDefaultHostnameVerifier</tt> </td><td colspan="1"
rowspan="1" class="confluenceTd"> <tt>false</tt> </td><td colspan="1"
rowspan="1" class="confluenceTd"> This attribute specifies if <a shape="rect" class="external-link"
href="http://java.sun.com/javase/6/docs/api/javax/net/ssl/HttpsURLConnection.html#getDefaultHostnameVerifier()"
rel="nofollow">HttpsURLConnection.getDefaultHostnameVerifier()</a> should be used
to create https connections. If '<tt>true</tt>', '<tt>disableCNCheck</tt>'
configuration parameter is ignored. </td></tr></tbody></table>
 </div>
 
 
-<p>Note :  <tt>disableCNcheck</tt> is a parameterized boolean, you can
use a fixed variable <tt>true</tt>|<tt>false</tt> as well as a <a
shape="rect" class="external-link" href="http://static.springsource.org/spring/docs/3.0.x/spring-framework-reference/html/beans.html#beans-factory-placeholderconfigurer"
rel="nofollow">Spring externalized property</a> variable (e.g. <tt>${disable-https-hostname-verification</tt>})
or a <a shape="rect" class="external-link" href="http://static.springsource.org/spring/docs/3.0.x/spring-framework-reference/html/expressions.html#expressions-beandef"
rel="nofollow">Spring expression</a> (e.g. <tt>#{systemProperties['dev-mode']</tt>}).</p>
+<p>Note :  <tt>disableCNCheck</tt> is a parameterized boolean, you can
use a fixed variable <tt>true</tt>|<tt>false</tt> as well as a <a
shape="rect" class="external-link" href="http://static.springsource.org/spring/docs/3.0.x/spring-framework-reference/html/beans.html#beans-factory-placeholderconfigurer"
rel="nofollow">Spring externalized property</a> variable (e.g. <tt>${disable-https-hostname-verification</tt>})
or a <a shape="rect" class="external-link" href="http://static.springsource.org/spring/docs/3.0.x/spring-framework-reference/html/expressions.html#expressions-beandef"
rel="nofollow">Spring expression</a> (e.g. <tt>#{systemProperties['dev-mode']</tt>}).</p>
 
 <p>Sample : </p>
 
@@ -160,7 +160,7 @@ Apache CXF -- TLS Configuration
 
    &lt;!-- deactivate HTTPS url hostname verification (localhost, etc)    --&gt;
    &lt;!-- WARNING ! disableCNcheck=true should NOT be used in production --&gt;
-   &lt;http-conf:tlsClientParameters disableCNcheck="true" /&gt;
+   &lt;http-conf:tlsClientParameters disableCNCheck="true" /&gt;
    ...
  &lt;/http-conf:conduit&gt;
  ...



Mime
View raw message