cxf-users mailing list archives

From boca2608 <boca2...@gmail.com>
Subject Re: CXF 3.0.4 server cannot receive message from TLS1.0 client
Date Mon, 04 May 2015 19:50:25 GMT
Hi Colm,

Thank you very much for your response.  I am not sure what you meant by
"complete service configuration" so I copied the entire <engine>
configuration here.  Please let me know if it is something else you would
like to see.

	<httpj:engine-factory bus="cxf">
		
		<httpj:engine port="${my.listener.port}">
			<httpj:tlsServerParameters>
				<sec:keyManagers keyPassword="${my.sslserver.keyalias.password}">
					<sec:keyStore type="${my.sslserver.keystore.type}" 
						password="${my.sslserver.keystore.password}"
						resource="${my.sslserver.keystore}" />
				</sec:keyManagers>
				<sec:trustManagers>
					<sec:keyStore type="${my.sslserver.keystore.type}" 
						password="${my.sslserver.keystore.password}"
						resource="${my.sslserver.keystore}" />
				</sec:trustManagers>

				<sec:cipherSuitesFilter>
					<sec:include>.*_EXPORT_.*</sec:include>
					<sec:include>.*_EXPORT1024_.*</sec:include>
					
					<sec:include>.*_WITH_3DES_.*</sec:include>
					<sec:include>.*_WITH_AES_.*</sec:include>
					<sec:include>.*_WITH_NULL_.*</sec:include>
					<sec:exclude>.*_DH_anon_.*</sec:exclude>
				</sec:cipherSuitesFilter>
					
				<sec:clientAuthentication want="false" required="false" />
			</httpj:tlsServerParameters>
		</httpj:engine>
	</httpj:engine-factory>

As for the client, it is a remote client owned by others so I cannot add
Java options for the client to debug it.  But here is some additional info
that may help:

1.  If I switch my application to run with CXF 3.0.2, everything would work. 
(That might be because the client could downgrade to SSLv3.)
2.  The client can communicate with an IIS server that has SSLv3 disabled
and TLS 1.0 enabled.

Thanks again.



--
View this message in context: http://cxf.547215.n5.nabble.com/CXF-3-0-4-server-cannot-receive-message-from-TLS1-0-client-tp5756863p5756962.html
Sent from the cxf-user mailing list archive at Nabble.com.
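
The sketch below is an added example, not part of the original message and not CXF code. It checks which suites the cipherSuitesFilter quoted above would let through. It assumes a suite is kept when it fully matches at least one include pattern and no exclude pattern; the suite list is a constructed sample of standard JSSE names, and the function names are hypothetical.

```python
import re

# Patterns copied from the <sec:cipherSuitesFilter> in the message above.
INCLUDES = [r".*_EXPORT_.*", r".*_EXPORT1024_.*", r".*_WITH_3DES_.*",
            r".*_WITH_AES_.*", r".*_WITH_NULL_.*"]
EXCLUDES = [r".*_DH_anon_.*"]

# Constructed sample of JSSE suite names; a real audit would use the list
# reported by the JVM that runs the server.
SAMPLE_SUITES = [
    "TLS_RSA_WITH_AES_128_CBC_SHA",
    "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
    "SSL_RSA_WITH_3DES_EDE_CBC_SHA",
    "SSL_RSA_WITH_RC4_128_SHA",
    "SSL_RSA_EXPORT_WITH_RC4_40_MD5",
    "SSL_RSA_WITH_NULL_SHA",
    "SSL_DH_anon_WITH_3DES_EDE_CBC_SHA",
    "TLS_DH_anon_WITH_AES_128_CBC_SHA",
    "TLS_ECDH_anon_WITH_AES_128_CBC_SHA",
    "SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA",
]

# Name fragments that mark suites a server should not offer.
WEAK_MARKERS = {
    "_EXPORT": "export-grade key strength",
    "_NULL_": "no encryption",
    "_anon_": "no server authentication",
}


def selected(suites, includes=INCLUDES, excludes=EXCLUDES):
    """Apply the include/exclude filter (assumed full-match semantics)."""
    inc = [re.compile(p) for p in includes]
    exc = [re.compile(p) for p in excludes]
    return [s for s in suites
            if any(p.fullmatch(s) for p in inc)
            and not any(p.fullmatch(s) for p in exc)]


def weak(suites):
    """Map each weak suite to the reasons it is flagged."""
    findings = {}
    for s in suites:
        reasons = [why for marker, why in WEAK_MARKERS.items() if marker in s]
        if reasons:
            findings[s] = reasons
    return findings


if __name__ == "__main__":
    kept = selected(SAMPLE_SUITES)
    for suite in kept:
        print(suite, "|", ", ".join(weak([suite]).get(suite, ["ok"])))
```

On this sample the exclude pattern removes the DH_anon suites but not the ECDH_anon one, because "_DH_anon_" does not occur in "TLS_ECDH_anon_...".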
