cxf-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Daniel Kulp <dk...@apache.org>
Subject Re: Using a custom SSLSocketFactory in HttpsURLConnectionFactory
Date Tue, 13 Apr 2010 14:25:06 GMT
On Tuesday 13 April 2010 4:34:38 am Marcel Stör wrote:
> In http://www.mail-archive.com/users@cxf.apache.org/msg13706.html I
> asked how to configure CXF with a custom SSLSocketFactory. That issue
> clearly belongs to the users list.

I think this has been answered now on the users list by allowing config to use 
teh default SSLSocketFactory.   See the settings for 
useHttpsURLConnectionDefaultSslSocketFactory at:

http://cxf.apache.org/docs/client-http-transport-including-ssl-support.html
 
> The question why
> HttpsURLConnectionFactory.decorateWithTLS(HttpURLConnection) does not
> respect the (static) default SSLSocketFactory set through
> javax.net.ssl.HttpsURLConnection.setDefaultSSLSocketFactory(SSLSocketFactor
> y), however, can only be answered by you - the CXF committers.
> 
> I suppose there's a valid reason for that behavior?

Well, every customer I've talked to and every use case they've presented 
pretty much says the "setDefaultSSLSocketFactory" method is not really usable 
in a complex application where you need to talk to multiple endpoints that 
have very different SSL requirements.   The CXF configs are setup to allow 
each target endpoint to have very different settings and configuration and CXF 
then uses that config to setup a properly configured SSLSocketFactory based on 
those settings.

-- 
Daniel Kulp
dkulp@apache.org
http://dankulp.com/blog

Mime
  • Unnamed multipart/alternative (inline, 7-Bit, 0 bytes)
View raw message