cxf-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From build...@apache.org
Subject svn commit: r928047 - in /websites/production/cxf/content: cache/docs.pageCache docs/tls-configuration.html
Date Wed, 05 Nov 2014 17:47:15 GMT
Author: buildbot
Date: Wed Nov  5 17:47:14 2014
New Revision: 928047

Log:
Production update by buildbot for cxf

Modified:
    websites/production/cxf/content/cache/docs.pageCache
    websites/production/cxf/content/docs/tls-configuration.html

Modified: websites/production/cxf/content/cache/docs.pageCache
==============================================================================
Binary files - no diff available.

Modified: websites/production/cxf/content/docs/tls-configuration.html
==============================================================================
--- websites/production/cxf/content/docs/tls-configuration.html (original)
+++ websites/production/cxf/content/docs/tls-configuration.html Wed Nov  5 17:47:14 2014
@@ -117,11 +117,11 @@ Apache CXF -- TLS Configuration
            <!-- Content -->
            <div class="wiki-content">
 <div id="ConfluenceContent"><p><style type="text/css">/*<![CDATA[*/
-div.rbtoc1413819986046 {padding: 0px;}
-div.rbtoc1413819986046 ul {list-style: disc;margin-left: 0px;}
-div.rbtoc1413819986046 li {margin-left: 0px;padding-left: 0px;}
+div.rbtoc1415209606058 {padding: 0px;}
+div.rbtoc1415209606058 ul {list-style: disc;margin-left: 0px;}
+div.rbtoc1415209606058 li {margin-left: 0px;padding-left: 0px;}
 
-/*]]>*/</style></p><div class="toc-macro rbtoc1413819986046">
+/*]]>*/</style></p><div class="toc-macro rbtoc1415209606058">
 <ul class="toc-indentation"><li><a shape="rect" href="#TLSConfiguration-TLSParameterscommontobothClientsandServers">TLS
Parameters common to both Clients and Servers</a>
 <ul class="toc-indentation"><li><a shape="rect" href="#TLSConfiguration-KeyManagers">Key
Managers</a></li><li><a shape="rect" href="#TLSConfiguration-TrustManagers">Trust
Managers</a></li><li><a shape="rect" href="#TLSConfiguration-CipherSuitesFilter">CipherSuites
Filter</a></li><li><a shape="rect" href="#TLSConfiguration-CertConstraints">Cert
Constraints</a></li></ul>
 </li><li><a shape="rect" href="#TLSConfiguration-ClientTLSParameters">Client
TLS Parameters</a>
@@ -129,7 +129,7 @@ div.rbtoc1413819986046 li {margin-left: 
 </li><li><a shape="rect" href="#TLSConfiguration-ServerTLSParameters">Server
TLS Parameters</a>
 <ul class="toc-indentation"><li><a shape="rect" href="#TLSConfiguration-ClientAuthentication">Client
Authentication</a></li></ul>
 </li></ul>
-</div><h1 id="TLSConfiguration-TLSParameterscommontobothClientsandServers">TLS
Parameters common to both Clients and Servers</h1><p>The TLS Parameters common
to both Clients and Servers are given <a shape="rect" class="external-link" href="https://svn.apache.org/repos/asf/cxf/trunk/core/src/main/java/org/apache/cxf/configuration/jsse/TLSParameterBase.java">here</a>:</p><div
class="table-wrap"><table class="confluenceTable"><tbody><tr><th colspan="1"
rowspan="1" class="confluenceTh"><p>Attribute</p></th><th colspan="1"
rowspan="1" class="confluenceTh"><p>Default</p></th><th colspan="1"
rowspan="1" class="confluenceTh"><p>Description</p></th></tr><tr><td
colspan="1" rowspan="1" class="confluenceTd"><p><code>keyManagers</code></p></td><td
colspan="1" rowspan="1" class="confluenceTd"><p>JVM default Key Managers</p></td><td
colspan="1" rowspan="1" class="confluenceTd"><p>Key Managers to hold X509 certificates.</p></td></tr><tr><td
colspan="1" rowspan="1" class="confluenceTd"><p><code>tru
 stManagers</code></p></td><td colspan="1" rowspan="1" class="confluenceTd"><p>JVM
default Trust Managers</p></td><td colspan="1" rowspan="1" class="confluenceTd"><p>TrustManagers
to validate peer X509 certificates.</p></td></tr><tr><td colspan="1"
rowspan="1" class="confluenceTd"><p><code>jsseProvider</code></p></td><td
colspan="1" rowspan="1" class="confluenceTd"><p>JVM default provider associated with
protocol</p></td><td colspan="1" rowspan="1" class="confluenceTd"><p>JSSE
provider name.</p></td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"><p><code>cipherSuites</code></p></td><td
colspan="1" rowspan="1" class="confluenceTd"><p>JVM default cipher suites</p></td><td
colspan="1" rowspan="1" class="confluenceTd"><p>CipherSuites that will be supported.</p></td></tr><tr><td
colspan="1" rowspan="1" class="confluenceTd"><p><code>cipherSuitesFilter</code></p></td><td
colspan="1" rowspan="1" class="confluenceTd"><p>&#160;</p></td><td
colspan="1" rowspan="1" class="confluenceTd
 "><p>filters of the supported CipherSuites that will be supported and used if available.</p></td></tr><tr><td
colspan="1" rowspan="1" class="confluenceTd"><p><code>certConstraints</code></p></td><td
colspan="1" rowspan="1" class="confluenceTd"><p>&#160;</p></td><td
colspan="1" rowspan="1" class="confluenceTd"><p>Certificate Constraints specification.</p></td></tr><tr><td
colspan="1" rowspan="1" class="confluenceTd"><p><code>secureRandomParameters</code></p></td><td
colspan="1" rowspan="1" class="confluenceTd"><p>JVM default Secure Random</p></td><td
colspan="1" rowspan="1" class="confluenceTd"><p>SecureRandom specification.</p></td></tr><tr><td
colspan="1" rowspan="1" class="confluenceTd"><p><code>secureSocketProtocol</code></p></td><td
colspan="1" rowspan="1" class="confluenceTd"><p>"TLS"</p></td><td
colspan="1" rowspan="1" class="confluenceTd"><p>Protocol Name. Most common example
are "SSL", "TLS" or "TLSv1".</p></td></tr><tr><td colspan="1" rowspan="1"
class="confluenceTd"><p><co
 de>certAlias</code></p></td><td colspan="1" rowspan="1" class="confluenceTd"><p>&#160;</p></td><td
colspan="1" rowspan="1" class="confluenceTd"><p>Cert alias to use. Useful when keystore
has multiple certs.</p></td></tr></tbody></table></div><p>&#160;</p><p>Note
that from CXF 3.0.3 and 2.7.14, the SSLv3 protocol is disabled on the service side (if Jetty
is used) unless "SSLv3" is explicitly specified for the "secureSocketProtocol" parameter.</p><h2
id="TLSConfiguration-KeyManagers">Key Managers</h2><p>The Key Managers configuration
item is used to retrieve key information. It is required for a Server, but is only required
for a Client when the Server requires Client Authentication.</p><div class="code
panel pdl" style="border-width: 1px;"><div class="codeHeader panelHeader pdl" style="border-bottom-width:
1px;"><b>Key Manager sample</b></div><div class="codeContent panelContent
pdl">
+</div><h1 id="TLSConfiguration-TLSParameterscommontobothClientsandServers">TLS
Parameters common to both Clients and Servers</h1><p>The TLS Parameters common
to both Clients and Servers are given <a shape="rect" class="external-link" href="https://svn.apache.org/repos/asf/cxf/trunk/core/src/main/java/org/apache/cxf/configuration/jsse/TLSParameterBase.java">here</a>:</p><div
class="table-wrap"><table class="confluenceTable"><tbody><tr><th colspan="1"
rowspan="1" class="confluenceTh"><p>Attribute</p></th><th colspan="1"
rowspan="1" class="confluenceTh"><p>Default</p></th><th colspan="1"
rowspan="1" class="confluenceTh"><p>Description</p></th></tr><tr><td
colspan="1" rowspan="1" class="confluenceTd"><p><code>keyManagers</code></p></td><td
colspan="1" rowspan="1" class="confluenceTd"><p>JVM default Key Managers</p></td><td
colspan="1" rowspan="1" class="confluenceTd"><p>Key Managers to hold X509 certificates.</p></td></tr><tr><td
colspan="1" rowspan="1" class="confluenceTd"><p><code>tru
 stManagers</code></p></td><td colspan="1" rowspan="1" class="confluenceTd"><p>JVM
default Trust Managers</p></td><td colspan="1" rowspan="1" class="confluenceTd"><p>TrustManagers
to validate peer X509 certificates.</p></td></tr><tr><td colspan="1"
rowspan="1" class="confluenceTd"><p><code>jsseProvider</code></p></td><td
colspan="1" rowspan="1" class="confluenceTd"><p>JVM default provider associated with
protocol</p></td><td colspan="1" rowspan="1" class="confluenceTd"><p>JSSE
provider name.</p></td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"><p><code>cipherSuites</code></p></td><td
colspan="1" rowspan="1" class="confluenceTd"><p>JVM default cipher suites</p></td><td
colspan="1" rowspan="1" class="confluenceTd"><p>CipherSuites that will be supported.</p></td></tr><tr><td
colspan="1" rowspan="1" class="confluenceTd"><p><code>cipherSuitesFilter</code></p></td><td
colspan="1" rowspan="1" class="confluenceTd"><p>&#160;</p></td><td
colspan="1" rowspan="1" class="confluenceTd
 "><p>filters of the supported CipherSuites that will be supported and used if available.</p></td></tr><tr><td
colspan="1" rowspan="1" class="confluenceTd"><p><code>certConstraints</code></p></td><td
colspan="1" rowspan="1" class="confluenceTd"><p>&#160;</p></td><td
colspan="1" rowspan="1" class="confluenceTd"><p>Certificate Constraints specification.</p></td></tr><tr><td
colspan="1" rowspan="1" class="confluenceTd"><p><code>secureRandomParameters</code></p></td><td
colspan="1" rowspan="1" class="confluenceTd"><p>JVM default Secure Random</p></td><td
colspan="1" rowspan="1" class="confluenceTd"><p>SecureRandom specification.</p></td></tr><tr><td
colspan="1" rowspan="1" class="confluenceTd"><p><code>secureSocketProtocol</code></p></td><td
colspan="1" rowspan="1" class="confluenceTd"><p>"TLS"</p></td><td
colspan="1" rowspan="1" class="confluenceTd"><p>Protocol Name. Most common example
are "SSL", "TLS" or "TLSv1".</p></td></tr><tr><td colspan="1" rowspan="1"
class="confluenceTd"><p><co
 de>certAlias</code></p></td><td colspan="1" rowspan="1" class="confluenceTd"><p>&#160;</p></td><td
colspan="1" rowspan="1" class="confluenceTd"><p>Cert alias to use. Useful when keystore
has multiple certs.</p></td></tr></tbody></table></div><p>&#160;</p><p>Note
that from CXF 3.0.3 and 2.7.14, the SSLv3 protocol is disabled on the client side, and on
the service side (if Jetty is used), unless "SSLv3" is explicitly specified for the "secureSocketProtocol"
parameter.</p><h2 id="TLSConfiguration-KeyManagers">Key Managers</h2><p>The
Key Managers configuration item is used to retrieve key information. It is required for a
Server, but is only required for a Client when the Server requires Client Authentication.</p><div
class="code panel pdl" style="border-width: 1px;"><div class="codeHeader panelHeader
pdl" style="border-bottom-width: 1px;"><b>Key Manager sample</b></div><div
class="codeContent panelContent pdl">
 <script class="theme: Default; brush: xml; gutter: false" type="syntaxhighlighter"><![CDATA[
   &lt;httpj:tlsServerParameters&gt;
         ...
         &lt;sec:keyManagers keyPassword=&quot;stskpass&quot;&gt;
@@ -181,7 +181,7 @@ div.rbtoc1413819986046 li {margin-left: 
    &lt;http-conf:tlsClientParameters disableCNCheck=&quot;true&quot; /&gt;
    ...
 ]]></script>
-</div></div><h1 id="TLSConfiguration-ServerTLSParameters">Server TLS Parameters</h1><p>In
addition to the TLS Parameters common to both Clients and Servers, there are some parameters
that are <a shape="rect" class="external-link" href="https://svn.apache.org/repos/asf/cxf/trunk/core/src/main/java/org/apache/cxf/configuration/jsse/TLSServerParameters.java">specific</a>
to Servers:</p><div class="table-wrap"><table class="confluenceTable"><tbody><tr><th
colspan="1" rowspan="1" class="confluenceTh"><p>Attribute</p></th><th
colspan="1" rowspan="1" class="confluenceTh"><p>Default</p></th><th
colspan="1" rowspan="1" class="confluenceTh"><p>Description</p></th></tr><tr><td
colspan="1" rowspan="1" class="confluenceTd"><p><code>clientAuthentication</code></p></td><td
colspan="1" rowspan="1" class="confluenceTd"><p>Not "wanted" or "required"</p></td><td
colspan="1" rowspan="1" class="confluenceTd"><p>Allows you to configure whether client
authentication is "wanted" and/or "required.</p></td><
 /tr></tbody></table></div><h2 id="TLSConfiguration-ClientAuthentication">Client
Authentication</h2><p>This allows you to define whether client authentication
is wanted and/or required.</p><div class="code panel pdl" style="border-width: 1px;"><div
class="codeHeader panelHeader pdl" style="border-bottom-width: 1px;"><b>Client Authentication
sample</b></div><div class="codeContent panelContent pdl">
+</div></div><h1 id="TLSConfiguration-ServerTLSParameters">Server TLS Parameters</h1><p>In
addition to the TLS Parameters common to both Clients and Servers, there are some parameters
that are <a shape="rect" class="external-link" href="https://svn.apache.org/repos/asf/cxf/trunk/core/src/main/java/org/apache/cxf/configuration/jsse/TLSServerParameters.java">specific</a>
to Servers:</p><div class="table-wrap"><table class="confluenceTable"><tbody><tr><th
colspan="1" rowspan="1" class="confluenceTh"><p>Attribute</p></th><th
colspan="1" rowspan="1" class="confluenceTh"><p>Default</p></th><th
colspan="1" rowspan="1" class="confluenceTh"><p>Description</p></th></tr><tr><td
colspan="1" rowspan="1" class="confluenceTd"><p><code>clientAuthentication</code></p></td><td
colspan="1" rowspan="1" class="confluenceTd"><p>Not "wanted" or "required"</p></td><td
colspan="1" rowspan="1" class="confluenceTd"><p>Allows you to configure whether client
authentication is "wanted" and/or "required.</p></td><
 /tr><tr><td colspan="1" rowspan="1" class="confluenceTd">excludeProtocols</td><td
colspan="1" rowspan="1" class="confluenceTd">SSLv3 is disabled by default for Jetty from
CXF 3.0.3 + 2.7.14</td><td colspan="1" rowspan="1" class="confluenceTd">The TLS
protocols to exclude.</td></tr></tbody></table></div><h2
id="TLSConfiguration-ClientAuthentication">Client Authentication</h2><p>This
allows you to define whether client authentication is wanted and/or required.</p><div
class="code panel pdl" style="border-width: 1px;"><div class="codeHeader panelHeader
pdl" style="border-bottom-width: 1px;"><b>Client Authentication sample</b></div><div
class="codeContent panelContent pdl">
 <script class="theme: Default; brush: xml; gutter: false" type="syntaxhighlighter"><![CDATA[
   &lt;httpj:tlsServerParameters&gt;
         ...
         &lt;sec:clientAuthentication want=&quot;true&quot; required=&quot;true&quot;
/&gt;



Mime
View raw message