cxf-users mailing list archives

From Jim Schneider <jschnei...@revolutionehr.com>
Subject CXF client SSL pain
Date Thu, 11 Feb 2010 17:25:05 GMT

CXF 2.2.4 client trying to access an Axis2 soap web service over SSL

I can't get my CXF client to get past the SSL handshake, but the sample
Axis2 client from the web service developer works fine. Here's my config:

   <http:conduit name="*.http-conduit">
     <http:tlsClientParameters secureSocketProtocol="SSL" disableCNCheck="true">
       <sec:keyManagers>
         <sec:keyStore type="PKCS12" password="testing"
                       file="C:\projects\hit-ws\Epp\test.eyeappts.com.p12"/>
       </sec:keyManagers>
       <sec:trustManagers>
         <sec:keyStore type="JKS" password="trustword"
                       file="C:\projects\hit-ws\Epp\truststore"/>
       </sec:trustManagers>
       <sec:cipherSuitesFilter>
         <sec:include>.*{_}WITH_3DES{_}{*}*.*</sec:include>
         <sec:include>.*{_}EXPORT{_}{*}*.*</sec:include>
         <sec:include>.*{_}EXPORT1024{_}{*}*.*</sec:include>
         <sec:include>.*{_}WITH_DES{_}{*}*.*</sec:include>
         <sec:include>SSL_RSA_WITH_RC4_128_MD5</sec:include>
         <sec:include>SSL_RSA_WITH_RC4_128_SHA</sec:include>
         <sec:exclude>.*{_}WITH_NULL{_}{*}*.*</sec:exclude>
         <sec:exclude>.*{_}DH_anon{_}{*}*.*</sec:exclude>
       </sec:cipherSuitesFilter>
     </http:tlsClientParameters>
   </http:conduit>

I'm logging/tracing the SSL for both the successful Axis2 client and
unsuccessful CXF client and I see the ServerHelloDone message on both. Then,
on the Axis2 client, I see a "Certificate chain" message with a single entry
right before the ClientKeyExchange. On the CXF client, I see the
"Certificate chain" header, but no entry. 

Then, for the ClientKeyExchange, the Axis2 client sends 2 - 926 byte
messages, whereas the CXF client sends 2 - 141 byte messages. The Axis2
client finishes the SSL handshake successfully and moves on to the
application data. The CXF client has a failed handshake and then restarts
the ClientHello phase again. 

I'm stuck. Any help is appreciated. I can send complete SSL outputs for both
if that would help.
-- 
View this message in context: http://old.nabble.com/CXF-client-SSL-pain-tp27551100p27551100.html
Sent from the cxf-user mailing list archive at Nabble.com.
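
A "Certificate chain" header with no entry, as in the trace described above, means the JSSE client sent an empty certificate message. The diagnostic below is an added example, not part of the original post and not CXF code: it loads a PKCS12 file with plain JSSE and reports whether a key manager can offer a client alias from it. The class name is hypothetical, an RSA key is assumed, and the store and key passwords are prompted for separately.

```java
import java.io.Console;
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Collections;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.X509KeyManager;

// Added diagnostic (hypothetical class name): can JSSE offer a client certificate from this PKCS12 file?
public class ClientKeyStoreCheck {
    public static void main(String[] args) throws Exception {
        Console con = System.console();
        if (args.length != 1 || con == null) {
            System.err.println("usage (interactive terminal): java ClientKeyStoreCheck <keystore.p12>");
            System.exit(2);
        }
        char[] storePass = con.readPassword("Keystore password: ");
        char[] keyPass = con.readPassword("Private key password: ");
        KeyStore ks = KeyStore.getInstance("PKCS12");
        try (InputStream in = new FileInputStream(args[0])) {
            ks.load(in, storePass); // fails with IOException if the store password is wrong
        }

        // Only an entry holding a private key together with its certificate chain can be presented.
        int usable = 0;
        for (String alias : Collections.list(ks.aliases())) {
            Certificate[] chain = ks.getCertificateChain(alias);
            System.out.printf("alias=%s keyEntry=%b chainLength=%d%n",
                    alias, ks.isKeyEntry(alias), chain == null ? 0 : chain.length);
            if (ks.isKeyEntry(alias) && chain != null && chain.length > 0) {
                usable++;
                System.out.println("  subject=" + ((X509Certificate) chain[0]).getSubjectX500Principal());
                System.out.println("  issuer=" + ((X509Certificate) chain[0]).getIssuerX500Principal());
            }
        }
        // init() throws UnrecoverableKeyException if keyPass cannot unlock the private key.
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(ks, keyPass);
        for (KeyManager km : kmf.getKeyManagers()) {
            if (km instanceof X509KeyManager) {
                // null issuers = do not filter by the CA names the server would send
                String[] offered = ((X509KeyManager) km).getClientAliases("RSA", null);
                System.out.println("RSA client aliases: " + (offered == null ? "none" : String.join(", ", offered)));
            }
        }
        if (usable == 0) System.exit(1); // nothing in the file could back a client certificate
    }
}
```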

