Subject: svn commit: r874693 - in /websites/production/cxf/content: cache/docs.pageCache docs/tls-configuration.html
Date: Thu, 15 Aug 2013 10:47:59 -0000
To: commits@cxf.apache.org
From: buildbot@apache.org X-Mailer: svnmailer-1.0.9 Message-Id: <20130815104759.5D4EE2388A32@eris.apache.org> X-Virus-Checked: Checked by ClamAV on apache.org Author: buildbot Date: Thu Aug 15 10:47:58 2013 New Revision: 874693 Log: Production update by buildbot for cxf Modified: websites/production/cxf/content/cache/docs.pageCache websites/production/cxf/content/docs/tls-configuration.html Modified: websites/production/cxf/content/cache/docs.pageCache ============================================================================== Binary files - no diff available. Modified: websites/production/cxf/content/docs/tls-configuration.html ============================================================================== --- websites/production/cxf/content/docs/tls-configuration.html (original) +++ websites/production/cxf/content/docs/tls-configuration.html Thu Aug 15 10:47:58 2013 @@ -128,7 +128,7 @@ Apache CXF -- TLS Configuration +

Key Managers

+ +

The Key Managers configuration item is used to retrieve key information. It is required for a Server, but is only required for a Client when the Server requires Client Authentication.

+ +
Key Manager sample
+ +
+ +

Trust Managers

+ +

The Trust Managers configuration item is used to validate trust in peer X.509 certificates. It is required for both Servers and Clients.

+ +
Trust Manager sample
+ +
+ +

CipherSuites Filter

+ +

The CipherSuites Filter is used to either include or exclude particular CipherSuites.

+ +
CipherSuites Filter sample
+ +
+ +

Cert Constraints

+ +

Cert constraints can be used by either the client or server to impose constraints on the peer certificates. This can be done by specifying a set of regular expressions on either the Subject DN (Distinguished Name) or the Issuer DN (or both) of the certificate. A "combinator" attribute can also be specified for either the SubjectDNConstraints or IssuerDNConstraints Elements. This attribute can be either "ANY" or "ALL", and refers to whether any or all of the defined regular expressions should apply. The default value is "ALL".

+ +
CipherSuites Filter sample
+ +
+ +

Client TLS Parameters

In addition to the TLS Parameters common to both Clients and Servers, there are some parameters that are specific to Clients:
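
Review bot: The sample caption under the new "Cert Constraints" section reads "CipherSuites Filter sample", identical to the caption of the section before it, so it looks copy-pasted; it should read "Cert Constraints sample". The Cert Constraints paragraph should also say whether each regular expression has to match the whole Subject DN or Issuer DN or only part of it, because that decides how strict a given pattern is, and the "ANY"/"ALL" combinator description does not cover it.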

@@ -148,22 +224,16 @@ Apache CXF -- TLS Configuration -

Note : disableCNCheck is a parameterized boolean, you can use a fixed variable true|false as well as a Spring externalized property variable (e.g. ${disable-https-hostname-verification}) or a Spring expression (e.g. #{systemProperties['dev-mode']}).

+

Disable CN Check

-

Sample :

+

disableCNCheck is a parameterized boolean, you can use a fixed variable true|false as well as a Spring externalized property variable (e.g. ${disable-https-hostname-verification}) or a Spring expression (e.g. #{systemProperties['dev-mode']}).

HTTP conduit configuration disabling HTTP URL hostname verification (usage of localhost, etc)
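
Review bot: The new "Disable CN Check" section explains how to set disableCNCheck, including through an externalized property such as ${disable-https-hostname-verification}, but says nothing about what enabling it gives up. The caption already states that it disables hostname verification, so the paragraph should add that with the check off the client no longer ties the server certificate to the host it connected to, and that the setting is meant for cases like the "localhost" one the caption mentions rather than for production endpoints. A smaller wording point in the same paragraph: "a fixed variable true|false" would read better as "a fixed value true|false".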
@@ -175,7 +245,20 @@ Apache CXF -- TLS Configuration
Attribute Default Description
clientAuthentication Not "wanted" or "required" Allows you to configure whether client authentication is "wanted" and/or "required.
- + +

Client Authentication

+ +

This allows you to define whether client authentication is wanted and/or required.

+ +
Client Authentication sample
+ +
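
Review bot: The new "Client Authentication" paragraph repeats the table row's "wanted and/or required" without explaining how the two settings differ or what applies when both are given. One sentence for each, stating whether the handshake is refused when the client presents no certificate or continues without one, would let a reader pick the right value. The unchanged table row above the addition is also missing the closing quote after "required.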