cxf-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Fred Dushin <f...@dushin.net>
Subject Re: bug in sec:include / exclude ?
Date Fri, 14 Dec 2007 13:13:54 GMT
Interesting.  I wonder if this is related to

https://issues.apache.org/jira/browse/CXF-1222

Could I ask you to check your CPU utilization, while your server  
comes up?

On Dec 14, 2007, at 1:48 AM, Bc. Jiří Mikulášek wrote:

> Hi all,
> I wonder this problem when testiong how to force the hanshake to  
> one specific
> algorithm.
>
> The interesting thing is that on client site all works perfectly as  
> expected.
> On the server site something must be wrong, because I still didn't  
> catch the
> goal.
>
> To be more specific:
>
> Client configuration:
> <sec:cipherSuitesFilter>
> 		        <sec:include>SSL_RSA_WITH_NULL_SHA</sec:include>
>       		</sec:cipherSuitesFilter>
>
> Server configuration below should work, but I get either connection  
> timeout or
> outofmemory error.
> <sec:cipherSuitesFilter>
> 		        <sec:include>SSL_RSA_WITH_NULL_SHA</sec:include>
>       		</sec:cipherSuitesFilter>
>
> the same results
> <sec:cipherSuitesFilter>
> 		        <sec:exclude>SSL_RSA_WITH_NULL_SHA</sec:exclude>
>       		</sec:cipherSuitesFilter>
>
> On Friday 14 of December 2007 04:55:55 Fred Dushin wrote:
>> That doesn't seem right.  If the filters are not doing the right
>> thing, then this is definitely a bug and should be filed.
>>
>> Are you sure that the configuration you are specifying is getting
>> applied to the endpiont that's getting logged?
>>
>> I have not seen this behavior before, but I also don't know how well
>> the feature is tested in the code.
>>
>> -Fred
>>
>> On Dec 13, 2007, at 8:47 AM, Bc. Jiří Mikulášek wrote:
>>> Hi,
>>> I am using 2.0.2 and found strange behaviour:
>>>
>>> example:
>>>
>>> <sec:include>.*_WITH_RC4_.*</sec:include>
>>>         <sec:exclude>.*_RSA_WITH_NULL_SHA.*</sec:exclude>
>>>
>>> gives message:
>>> INFO: The cipher suites have been set to
>>> TLS_RSA_WITH_AES_128_CBC_SHA, .....
>>> containing RSA_WITH_NULL_SHA
>>>
>>> and
>>> <sec:include>.*_RSA_WITH_NULL_SHA.*</sec:include>
>>>         <sec:exclude>.*_WITH_RC4_.*</sec:exclude>
>>>
>>> gives the same but containing WITH_RC4 and not containing
>>> RSA_WITH_NULL_SHA
>>>
>>> is the message bad or the algorithm is bad?
>>> --
>>> Jiri Mikulasek
>>> ---------------------------------
>>> Developer
>>>
>>> AURA, s.r.o.
>>> Uvoz 499/56; 602 00 Brno
>>> ISO 9001 certified company
>>> AQAP 2110 (ČOS 051622)
>>> tel./fax: +420 544 508 115
>>> e-mail:  mikulasek@aura.cz
>>> http://www.aura.cz
>>> ---------------------------------
>
>
>
> -- 
> Jiri Mikulasek
> ---------------------------------
> Developer
>
> AURA, s.r.o.
> Uvoz 499/56; 602 00 Brno
> ISO 9001 certified company
> AQAP 2110 (ČOS 051622)
> tel./fax: +420 544 508 115
> e-mail:  mikulasek@aura.cz
> http://www.aura.cz
> ---------------------------------
>


Mime
View raw message