|
| Attribute | Default | Since | Description |
|---|---|---|---|
| certConstraints | Certificate Constraints specification. | ||
| cipherSuites | default sslContext cipher suites | CipherSuites that will be supported. | |
| cipherSuitesFilter | filters of the supported CipherSuites that will be supported and used if available. | ||
| disableCNcheck | false | 2.0.5 | Indicates whether that the hostname given in the HTTPS URL will be checked against the service's Common Name (CN) given in its certificate during SOAP client requests, and failing if there is a mismatch. If set to true (not recommended for production use), such checks will be bypassed. That will allow you, for example, to use a URL such as localhost during development. |
| jsseProvider | default JVM provider associated with protocol | JSSE provider name. | |
| keyManagers | JVM default Key Managers | Key Managers to hold X509 certificates. | |
| secureRandomParameters | JVM default Secure Random | SecureRandom specification. | |
| secureSocketProtocol | "TLS" | Protocol Name. Most common example are "SSL", "TLS" or "TLSv1". | |
| trustManagers | JVM default Trust Managers | TrustManagers to validate peer X509 certificates. | |
| useHttpsURLConnectionDefaultSslSocketFactory | false | 2.2.7 | specifies if HttpsURLConnection.getDefaultSSLSocketFactory() should be used to create https connections. If 'true', 'jsseProvider', 'secureSocketProtocol', 'trustManagers', 'keyManagers', 'secureRandom', 'cipherSuites' and 'cipherSuitesFilter' configuration parameters are ignored. |
| useHttpsURLConnectionDefaultHostnameVerifier | false | 2.2.7 | This attribute specifies if HttpsURLConnection.getDefaultHostnameVerifier() should be used to create https connections. If 'true', 'disableCNCheck' configuration parameter is ignored. |
Note : disableCNcheck is a parameterized boolean, you can use a fixed variable true|false as well as a Spring externalized property variable (e.g. ${disable-https-hostname-verification}) or a Spring _expression_ (e.g. #{systemProperties['dev-mode']}).
Sample :
HTTP conduit configuration disabling HTTP URL hostname verification (usage of localhost, etc)
...
<http-conf:conduit
name="{http://example.com/}HelloWorldServicePort.http-conduit"><!-- deactivate HTTPS url hostname verification (localhost, etc) --> <!-- WARNING ! disableCNcheck=true should NOT be used in production --> <http-conf:tlsClientParameters disableCNcheck="true" /> ... </http-conf:conduit> ...
