cxf-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Daniel Kulp <dk...@apache.org>
Subject Re: How service-side HTTPS cipher suite filters are defined
Date Tue, 17 Aug 2010 18:09:02 GMT
On Tuesday 17 August 2010 9:59:54 am Glen Mazza wrote:
> Hello, I'd like to confirm something:
> 
> The CXF documentation shows where cipher suite filters can be defined on
> the client-side:
> http://cxf.apache.org/docs/client-http-transport-including-ssl-support.html
> 
> However, for service-side, you apparently need to configure the underlying
> servlet container and not the web service itself, for example here with
> Jetty:
> https://cwiki.apache.org/confluence/display/CXF20DOC/Standalone+HTTP+Transp
> ort http://fusesource.com/docs/framework/2.2/security/i343422.html
> 
> And Tomcat has a "ciphers" element that will apparently do the same thing:
> http://tomcat.apache.org/tomcat-6.0-doc/config/http.html.
> 
> So there is no web-service level configuration of cipher suite filters, but
> just that of the servlet container (or Endpoint implementation) hosting the
> web service, correct?

That's correct.   For the most part, the ciphers and such are part of the 
socket level negotiation of SSL/TLS.   Thus, it occurs long before CXF really 
has any say in anything.   That's why it needs to be configured on the 
container or jetty directly.


-- 
Daniel Kulp
dkulp@apache.org
http://dankulp.com/blog

Mime
View raw message