Author: buildbot Date: Tue Dec 9 17:46:49 2014 New Revision: 932006 Log: Production update by buildbot for cxf
Modified: websites/production/cxf/content/cache/docs.pageCache websites/production/cxf/content/docs/tls-configuration.html Modified: websites/production/cxf/content/cache/docs.pageCache ============================================================================== Binary files - no diff available. Modified: websites/production/cxf/content/docs/tls-configuration.html ============================================================================== --- websites/production/cxf/content/docs/tls-configuration.html (original) +++ websites/production/cxf/content/docs/tls-configuration.html Tue Dec 9 17:46:49 2014 @@ -117,11 +117,11 @@ Apache CXF -- TLS Configuration <!-- Content --> <div class="wiki-content"> <div id="ConfluenceContent"><p><style type="text/css">/*<![CDATA[*/ -div.rbtoc1415209606058 {padding: 0px;} -div.rbtoc1415209606058 ul {list-style: disc;margin-left: 0px;} -div.rbtoc1415209606058 li {margin-left: 0px;padding-left: 0px;} +div.rbtoc1418147187626 {padding: 0px;} +div.rbtoc1418147187626 ul {list-style: disc;margin-left: 0px;} +div.rbtoc1418147187626 li {margin-left: 0px;padding-left: 0px;} -/*]]>*/</style></p><div class="toc-macro rbtoc1415209606058"> +/*]]>*/</style></p><div class="toc-macro rbtoc1418147187626"> <ul class="toc-indentation"><li><a shape="rect" href="#TLSConfiguration-TLSParameterscommontobothClientsandServers">TLS Parameters common to both Clients and Servers</a> <ul class="toc-indentation"><li><a shape="rect" href="#TLSConfiguration-KeyManagers">Key Managers</a></li><li><a shape="rect" href="#TLSConfiguration-TrustManagers">Trust Managers</a></li><li><a shape="rect" href="#TLSConfiguration-CipherSuitesFilter">CipherSuites Filter</a></li><li><a shape="rect" href="#TLSConfiguration-CertConstraints">Cert Constraints</a></li></ul> </li><li><a shape="rect" href="#TLSConfiguration-ClientTLSParameters">Client TLS Parameters</a> @@ -175,7 +175,7 @@ div.rbtoc1415209606058 li {margin-left: ... </httpj:tlsServerParameters> ]]></script> -</div></div><h1 id="TLSConfiguration-ClientTLSParameters">Client TLS Parameters</h1><p>In addition to the TLS Parameters common to both Clients and Servers, there are some parameters that are <a shape="rect" class="external-link" href="https://svn.apache.org/repos/asf/cxf/trunk/core/src/main/java/org/apache/cxf/configuration/jsse/TLSClientParameters.java">specific</a> to Clients:</p><div class="table-wrap"><table class="confluenceTable"><tbody><tr><th colspan="1" rowspan="1" class="confluenceTh"><p>Attribute</p></th><th colspan="1" rowspan="1" class="confluenceTh"><p>Default</p></th><th colspan="1" rowspan="1" class="confluenceTh"><p>Description</p></th></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"><p><code>disableCNCheck</code></p></td><td colspan="1" rowspan="1" class="confluenceTd"><p><code>false</code></p></td><td colspan="1" rowspan="1" class="confluenceTd"><p>Indicates whether that the hostname given in the HTTPS URL will be checked against the service's Common Nam e (CN) given in its certificate during requests, and failing if there is a mismatch. If set to <code>true</code> (<strong>not recommended for production use</strong>), such checks will be bypassed. That will allow you, for example, to use a URL such as <code>localhost</code> during development.</p></td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"><p><code>sslSocketFactory</code></p></td><td colspan="1" rowspan="1" class="confluenceTd"><p> </p></td><td colspan="1" rowspan="1" class="confluenceTd"><p>A SSLSocketFactory to use. All other bean properties are ignored if this is set.</p></td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"><p><code>sslCacheTimeout</code></p></td><td colspan="1" rowspan="1" class="confluenceTd"><p>86400 seconds (24 hours)</p></td><td colspan="1" rowspan="1" class="confluenceTd"><p>SSL Cache Timeout in seconds.</p></td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"><p><code>useHttpsURLConnectionDefaultSslSocketFactory</ code></p></td><td colspan="1" rowspan="1" class="confluenceTd"><p><code>false</code></p></td><td colspan="1" rowspan="1" class="confluenceTd"><p>This attribute specifies if <a shape="rect" class="external-link" href="http://java.sun.com/javase/6/docs/api/javax/net/ssl/HttpsURLConnection.html#getDefaultSSLSocketFactory()" rel="nofollow">HttpsURLConnection.getDefaultSSLSocketFactory()</a> should be used to create https connections. If '<code>true</code>', '<code>jsseProvider</code>', '<code>secureSocketProtocol</code>', '<code>trustManagers</code>', '<code>keyManagers</code>', '<code>secureRandom</code>', '<code>cipherSuites</code>' and '<code>cipherSuitesFilter</code>' configuration parameters are ignored.</p></td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"><p><code>useHttpsURLConnectionDefaultHostnameVerifier</code></p></td><td colspan="1" rowspan="1" class="confluenceTd"><p><code>false</code></p></td><td colspan="1" rowspan="1" class="confluenceTd"><p>This attribute s pecifies if <a shape="rect" class="external-link" href="http://java.sun.com/javase/6/docs/api/javax/net/ssl/HttpsURLConnection.html#getDefaultHostnameVerifier()" rel="nofollow">HttpsURLConnection.getDefaultHostnameVerifier()</a> should be used to create https connections. If '<code>true</code>', '<code>disableCNCheck</code>' configuration parameter is ignored.</p></td></tr></tbody></table></div><h2 id="TLSConfiguration-DisableCNCheck">Disable CN Check</h2><p><code>disableCNCheck</code> is a parameterized boolean, you can use a fixed variable <code>true</code>|<code>false</code> as well as a <a shape="rect" class="external-link" href="http://static.springsource.org/spring/docs/3.0.x/spring-framework-reference/html/beans.html#beans-factory-placeholderconfigurer" rel="nofollow">Spring externalized property</a> variable (e.g. <code>${disable-https-hostname-verification</code>}) or a <a shape="rect" class="external-link" href="http://static.springsource.org/spring/docs/3.0.x/spring-frame work-reference/html/expressions.html#expressions-beandef" rel="nofollow">Spring expression</a> (e.g. <code>#{systemProperties['dev-mode']</code>}).</p><div class="code panel pdl" style="border-width: 1px;"><div class="codeHeader panelHeader pdl" style="border-bottom-width: 1px;"><b>HTTP conduit configuration disabling HTTP URL hostname verification (usage of localhost, etc)</b></div><div class="codeContent panelContent pdl"> +</div></div><h1 id="TLSConfiguration-ClientTLSParameters">Client TLS Parameters</h1><p>In addition to the TLS Parameters common to both Clients and Servers, there are some parameters that are <a shape="rect" class="external-link" href="https://svn.apache.org/repos/asf/cxf/trunk/core/src/main/java/org/apache/cxf/configuration/jsse/TLSClientParameters.java">specific</a> to Clients:</p><div class="table-wrap"><table class="confluenceTable"><tbody><tr><th colspan="1" rowspan="1" class="confluenceTh"><p>Attribute</p></th><th colspan="1" rowspan="1" class="confluenceTh"><p>Default</p></th><th colspan="1" rowspan="1" class="confluenceTh"><p>Description</p></th></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"><p><code>disableCNCheck</code></p></td><td colspan="1" rowspan="1" class="confluenceTd"><p><code>false</code></p></td><td colspan="1" rowspan="1" class="confluenceTd"><p>Indicates whether that the hostname given in the HTTPS URL will be checked against the service's Common Nam e (CN) given in its certificate during requests, and failing if there is a mismatch. If set to <code>true</code> (<strong>not recommended for production use</strong>), such checks will be bypassed. That will allow you, for example, to use a URL such as <code>localhost</code> during development.</p></td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"><p><code>sslSocketFactory</code></p></td><td colspan="1" rowspan="1" class="confluenceTd"><p> </p></td><td colspan="1" rowspan="1" class="confluenceTd"><p>A SSLSocketFactory to use. All other bean properties are ignored if this is set.</p></td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"><p><code>sslCacheTimeout</code></p></td><td colspan="1" rowspan="1" class="confluenceTd"><p>86400 seconds (24 hours)</p></td><td colspan="1" rowspan="1" class="confluenceTd"><p>SSL Cache Timeout in seconds.</p></td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"><p><code>useHttpsURLConnectionDefaultSslSocketFactory</ code></p></td><td colspan="1" rowspan="1" class="confluenceTd"><p><code>false</code></p></td><td colspan="1" rowspan="1" class="confluenceTd"><p>This attribute specifies if <a shape="rect" class="external-link" href="http://java.sun.com/javase/6/docs/api/javax/net/ssl/HttpsURLConnection.html#getDefaultSSLSocketFactory()" rel="nofollow">HttpsURLConnection.getDefaultSSLSocketFactory()</a> should be used to create https connections. If '<code>true</code>', '<code>jsseProvider</code>', '<code>secureSocketProtocol</code>', '<code>trustManagers</code>', '<code>keyManagers</code>', '<code>secureRandom</code>', '<code>cipherSuites</code>' and '<code>cipherSuitesFilter</code>' configuration parameters are ignored.</p></td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"><p><code>useHttpsURLConnectionDefaultHostnameVerifier</code></p></td><td colspan="1" rowspan="1" class="confluenceTd"><p><code>false</code></p></td><td colspan="1" rowspan="1" class="confluenceTd"><p>This attribute s pecifies if <a shape="rect" class="external-link" href="http://java.sun.com/javase/6/docs/api/javax/net/ssl/HttpsURLConnection.html#getDefaultHostnameVerifier()" rel="nofollow">HttpsURLConnection.getDefaultHostnameVerifier()</a> should be used to create https connections. If '<code>true</code>', '<code>disableCNCheck</code>' configuration parameter is ignored.</p></td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd">hostnameVerifier</td><td colspan="1" rowspan="1" class="confluenceTd"> </td><td colspan="1" rowspan="1" class="confluenceTd">A custom HostnameVerifier instance to use</td></tr></tbody></table></div><h2 id="TLSConfiguration-DisableCNCheck">Disable CN Check</h2><p><code>disableCNCheck</code> is a parameterized boolean, you can use a fixed variable <code>true</code>|<code>false</code> as well as a <a shape="rect" class="external-link" href="http://static.springsource.org/spring/docs/3.0.x/spring-framework-reference/html/beans.html#beans-factory-placeholderconf igurer" rel="nofollow">Spring externalized property</a> variable (e.g. <code>${disable-https-hostname-verification</code>}) or a <a shape="rect" class="external-link" href="http://static.springsource.org/spring/docs/3.0.x/spring-framework-reference/html/expressions.html#expressions-beandef" rel="nofollow">Spring expression</a> (e.g. <code>#{systemProperties['dev-mode']</code>}).</p><div class="code panel pdl" style="border-width: 1px;"><div class="codeHeader panelHeader pdl" style="border-bottom-width: 1px;"><b>HTTP conduit configuration disabling HTTP URL hostname verification (usage of localhost, etc)</b></div><div class="codeContent panelContent pdl"> <script class="theme: Default; brush: xml; gutter: false" type="syntaxhighlighter"><![CDATA[ <!-- deactivate HTTPS url hostname verification (localhost, etc) --> <!-- WARNING ! disableCNcheck=true should NOT be used in production --> <http-conf:tlsClientParameters disableCNCheck="true" />