cxf-users mailing list archives

From Bernhard Thalmayr <bernhard.thalm...@painstakingminds.com>
Subject Re: Question on SSL caching
Date Sun, 05 Feb 2012 14:26:59 GMT
The 'no-cache' Cache-Control setting resides on the 'HTTP'-protocol layer, not
on the 'SSL'-protocol layer.

I don't know CXF code in detail, but it seems that the SSL-transport cannot
be configured in the way you need it.

However, as with 'browser' connections, a full handshake has to be made if no
'HTTP-keep-alive' is used.

You may try setting connection="close" in the http configuration and make
another network trace ... it should look different.

If CXF does not reuse the underlying TCP/HTTP connection it's always better
to close the connection to save the server's keep-alive system from
starvation.

-Bernhard

On Sat, Feb 4, 2012 at 11:06 PM, JKemp <kemp.jacob@gmail.com> wrote:

>
> Bernhard Thalmayr wrote
> >
> > So you don't see a 'ServerHello' in the log? This means the Client Request
> > is not seen/received by the server.
> >
> > You may have to do a network trace and look at the TCP connection(s)
> > themselves.
> >
>
> I got some packet captures from the networking team that hosts the service,
> but I'm not all that familiar with how to read the finer details.  It looks
> like they're kicking back the handshake failure after they receive our
> Client Hello, but I'm not sure why that's the case, since our original
> connection succeeds:
>
>
> 2844       101259.108606   x.x.67.14       x.x.31.5         SSLv3     300   Client Hello
>
> 2846       101259.190816   x.x.31.5         x.x.67.14       SSLv3     73    Alert (Level: Fatal, Description: Handshake Failure)
>
> I thought it might be an issue with reusing the cached SSL session (just a
> wild guess on my part) so I thought if I could disable the reuse of the
> session it would start from scratch and work like the original connection.
> But like I said, the CacheControl settings didn't seem to do anything
> (although, again, I was just guessing that the "no-cache" setting would have
> the desired effect of ignoring the cached SSL session.  Is that a valid
> assumption that that's what the no-cache setting is supposed to do?)
>
> Thanks in advance for any help with this.
>
> --
> View this message in context:
> http://cxf.547215.n5.nabble.com/Question-on-SSL-caching-tp5455499p5457036.html
> Sent from the cxf-user mailing list archive at Nabble.com.
>



-- 
IT-Consulting Bernhard Thalmayr
- Painstaking Minds -
83620 Vagen (Munich area)
Germany
