Author: buildbot
Date: Sat Jan 24 18:42:56 2026
New Revision: 1092107
Log:
Production update by buildbot for cxf
Modified:
websites/production/cxf/content/cache/docs.pageCache
websites/production/cxf/content/docs/tls-configuration.html
Modified: websites/production/cxf/content/cache/docs.pageCache
==============================================================================
Binary file (source and/or target). No diff available.
Modified: websites/production/cxf/content/docs/tls-configuration.html
==============================================================================
--- websites/production/cxf/content/docs/tls-configuration.html Sat Jan 24
15:25:30 2026 (r1092106)
+++ websites/production/cxf/content/docs/tls-configuration.html Sat Jan 24
18:42:56 2026 (r1092107)
@@ -94,7 +94,8 @@ Apache CXF -- TLS Configuration
<div id="wrapper-menu-page-bottom">
<div id="menu-page">
<!-- NavigationBar -->
-<div id="navigation"><ul class="alternate"><li><a shape="rect"
href="overview.html">Overview</a></li><li><a shape="rect"
href="how-tos.html">How-Tos</a></li><li><a shape="rect"
href="frontends.html">Frontends</a></li><li><a shape="rect"
href="databindings.html">DataBindings</a></li><li><a shape="rect"
href="transports.html">Transports</a></li><li><a shape="rect"
href="configuration.html">Configuration</a></li><li><a shape="rect"
href="debugging-and-logging.html">Debugging and Logging</a></li><li><a
shape="rect" href="tools.html">Tools</a></li><li><a shape="rect"
href="restful-services.html">RESTful Services</a></li><li><a shape="rect"
href="wsdl-bindings.html">WSDL Bindings</a></li><li><a shape="rect"
href="service-routing.html">Service Routing</a></li><li><a shape="rect"
href="dynamic-languages.html">Dynamic Languages</a></li><li><a shape="rect"
href="ws-support.html">WS-* Support</a></li><li><a shape="rect"
href="advanced-integration.html">Advanced Integration</a></li><li><a shape
="rect" href="deployment.html">Deployment</a></li><li><a shape="rect"
href="schemas-and-namespaces.html">Use of Schemas and Namespaces</a></li><li><a
shape="rect" href="securing-cxf-services.html">Securing CXF
Services</a></li></ul><hr><ul
class="alternate"><li><p>Search</p></li></ul><iframe frameborder="1"
scrolling="auto" id="searchId"
src="https://cxf.apache.org/resources/search.htm"; name="SearchIFrame"
width="200px" style="border:none;" title="Search" height="60px"><p><br
clear="none"></p></iframe>
+<div id="navigation"><ul class="alternate"><li><a shape="rect"
href="overview.html">Overview</a></li><li><a shape="rect"
href="how-tos.html">How-Tos</a></li><li><a shape="rect"
href="frontends.html">Frontends</a></li><li><a shape="rect"
href="databindings.html">DataBindings</a></li><li><a shape="rect"
href="transports.html">Transports</a></li><li><a shape="rect"
href="configuration.html">Configuration</a></li><li><a shape="rect"
href="debugging-and-logging.html">Debugging and Logging</a></li><li><a
shape="rect" href="tools.html">Tools</a></li><li><a shape="rect"
href="restful-services.html">RESTful Services</a></li><li><a shape="rect"
href="wsdl-bindings.html">WSDL Bindings</a></li><li><a shape="rect"
href="service-routing.html">Service Routing</a></li><li><a shape="rect"
href="dynamic-languages.html">Dynamic Languages</a></li><li><a shape="rect"
href="ws-support.html">WS-* Support</a></li><li><a shape="rect"
href="advanced-integration.html">Advanced Integration</a></li><li><a shape
="rect" href="deployment.html">Deployment</a></li><li><a shape="rect"
href="schemas-and-namespaces.html">Use of Schemas and Namespaces</a></li><li><a
shape="rect" href="securing-cxf-services.html">Securing CXF
Services</a></li></ul><hr><ul class="alternate"><li><p>Search</p></li></ul>
+<iframe frameborder="1" scrolling="auto" id="searchId"
src="https://cxf.apache.org/resources/search.htm"; sandbox="sandbox"
name="SearchIFrame" width="200px" style="border:none;" title="Search"
height="60px"></iframe>
<hr><ul class="alternate"><li><a shape="rect"
href="http://cxf.apache.org/javadoc/latest-4.0.x/";>API 4.0.x
(Javadoc)</a></li><li><a shape="rect"
href="http://cxf.apache.org/javadoc/latest-3.6.x/";>API 3.6.x
(Javadoc)</a></li><li><a shape="rect"
href="http://cxf.apache.org/javadoc/latest-3.5.x/";>API 3.5.x
(Javadoc)</a></li><li><a shape="rect" href="http://cxf.apache.org/";>CXF
Website</a></li></ul><p><br clear="none"></p><p><a shape="rect"
class="external-link" href="https://www.apache.org/events/current-event.html";>
<span class="confluence-embedded-file-wrapper"><img
class="confluence-embedded-image confluence-external-resource"
draggable="false" src="https://www.apache.org/events/current-event-125x125.png";
data-image-src="https://www.apache.org/events/current-event-125x125.png";></span>
</a></p></div>
@@ -108,11 +109,11 @@ Apache CXF -- TLS Configuration
<!-- Content -->
<div class="wiki-content">
<div id="ConfluenceContent"><p><style type="text/css">/*<![CDATA[*/
-div.rbtoc1693928695804 {padding: 0px;}
-div.rbtoc1693928695804 ul {margin-left: 0px;}
-div.rbtoc1693928695804 li {margin-left: 0px;padding-left: 0px;}
+div.rbtoc1769280171786 {padding: 0px;}
+div.rbtoc1769280171786 ul {margin-left: 0px;}
+div.rbtoc1769280171786 li {margin-left: 0px;padding-left: 0px;}
-/*]]>*/</style></p><div class="toc-macro rbtoc1693928695804">
+/*]]>*/</style></p><div class="toc-macro rbtoc1769280171786">
<ul class="toc-indentation"><li><a shape="rect"
href="#TLSConfiguration-TLSParameterscommontobothClientsandServers">TLS
Parameters common to both Clients and Servers</a>
<ul class="toc-indentation"><li><a shape="rect"
href="#TLSConfiguration-KeyManagers">Key Managers</a></li><li><a shape="rect"
href="#TLSConfiguration-TrustManagers">Trust Managers</a></li><li><a
shape="rect" href="#TLSConfiguration-TLSCipherSuites">TLS CipherSuites</a>
<ul class="toc-indentation"><li><a shape="rect"
href="#TLSConfiguration-CipherSuites">CipherSuites</a></li><li><a shape="rect"
href="#TLSConfiguration-CipherSuitesFilter">CipherSuites Filter</a></li></ul>
@@ -174,7 +175,7 @@ div.rbtoc1693928695804 li {margin-left:
...
</httpj:tlsServerParameters>
</pre>
-</div></div><h1 id="TLSConfiguration-ClientTLSParameters">Client TLS
Parameters</h1><p>In addition to the TLS Parameters common to both Clients and
Servers, there are some parameters that are <a shape="rect"
class="external-link"
href="https://svn.apache.org/repos/asf/cxf/trunk/core/src/main/java/org/apache/cxf/configuration/jsse/TLSClientParameters.java";>specific</a>
to Clients:</p><div class="table-wrap"><table class="wrapped
confluenceTable"><colgroup span="1"><col span="1"><col span="1"><col
span="1"></colgroup><tbody><tr><th colspan="1" rowspan="1"
class="confluenceTh"><p>Attribute</p></th><th colspan="1" rowspan="1"
class="confluenceTh"><p>Default</p></th><th colspan="1" rowspan="1"
class="confluenceTh"><p>Description</p></th></tr><tr><td colspan="1"
rowspan="1" class="confluenceTd"><p>disableCNCheck</p></td><td colspan="1"
rowspan="1" class="confluenceTd"><p>false</p></td><td colspan="1" rowspan="1"
class="confluenceTd"><p>Indicates whether that the hostname given in the HTTP
S URL will be checked against the service's Common Name (CN) given in its
certificate during requests, and failing if there is a mismatch. If set to true
(not recommended for production use), such checks will be bypassed. That will
allow you, for example, to use a URL such as localhost during
development.</p></td></tr><tr><td colspan="1" rowspan="1"
class="confluenceTd"><p>sslSocketFactory</p></td><td colspan="1" rowspan="1"
class="confluenceTd"><p><br clear="none"></p></td><td colspan="1" rowspan="1"
class="confluenceTd"><p>A SSLSocketFactory to use. All other bean properties
are ignored if this is set.</p></td></tr><tr><td colspan="1" rowspan="1"
class="confluenceTd"><p>sslCacheTimeout</p></td><td colspan="1" rowspan="1"
class="confluenceTd"><p>86400 seconds (24 hours)</p></td><td colspan="1"
rowspan="1" class="confluenceTd"><p>SSL Cache Timeout in
seconds.</p></td></tr><tr><td colspan="1" rowspan="1"
class="confluenceTd"><p>useHttpsURLConnectionDefaultSslSocketFactory</p></td><td
colspan="1" rowspan="1" class="confluenceTd"><p>false</p></td><td colspan="1"
rowspan="1" class="confluenceTd"><p>This attribute specifies if <a shape="rect"
class="external-link"
href="http://java.sun.com/javase/6/docs/api/javax/net/ssl/HttpsURLConnection.html#getDefaultSSLSocketFactory()"
rel="nofollow">HttpsURLConnection.getDefaultSSLSocketFactory()</a> should be
used to create https connections. If 'true', 'jsseProvider',
'secureSocketProtocol', 'trustManagers', 'keyManagers', 'secureRandom',
'cipherSuites' and 'cipherSuitesFilter' configuration parameters are
ignored.</p></td></tr><tr><td colspan="1" rowspan="1"
class="confluenceTd"><p>useHttpsURLConnectionDefaultHostnameVerifier</p></td><td
colspan="1" rowspan="1" class="confluenceTd"><p>false</p></td><td colspan="1"
rowspan="1" class="confluenceTd"><p>This attribute specifies if <a shape="rect"
class="external-link"
href="http://java.sun.com/javase/6/docs/api/javax/net/ssl/HttpsURLConnection.html#getDefaultHostnameVerifier()
" rel="nofollow">HttpsURLConnection.getDefaultHostnameVerifier()</a> should be
used to create https connections. If 'true', 'disableCNCheck' configuration
parameter is ignored.</p></td></tr><tr><td colspan="1" rowspan="1"
class="confluenceTd">hostnameVerifier</td><td colspan="1" rowspan="1"
class="confluenceTd"><br clear="none"></td><td colspan="1" rowspan="1"
class="confluenceTd">A custom HostnameVerifier instance to
use</td></tr></tbody></table></div><h2
id="TLSConfiguration-DisableCNCheck">Disable CN
Check</h2><p><code>disableCNCheck</code> is a parameterized boolean, you can
use a fixed variable <code>true</code>|<code>false</code> as well as a <a
shape="rect" class="external-link"
href="http://static.springsource.org/spring/docs/3.0.x/spring-framework-reference/html/beans.html#beans-factory-placeholderconfigurer";
rel="nofollow">Spring externalized property</a> variable (e.g.
<code>${disable-https-hostname-verification</code>}) or a <a shape="rect"
class="external-link" href="ht
tp://static.springsource.org/spring/docs/3.0.x/spring-framework-reference/html/expressions.html#expressions-beandef"
rel="nofollow">Spring expression</a> (e.g.
<code>#{systemProperties['dev-mode']</code>}).</p><div class="code panel pdl"
style="border-width: 1px;"><div class="codeHeader panelHeader pdl"
style="border-bottom-width: 1px;"><b>HTTP conduit configuration disabling HTTP
URL hostname verification (usage of localhost, etc)</b></div><div
class="codeContent panelContent pdl">
+</div></div><h1 id="TLSConfiguration-ClientTLSParameters">Client TLS
Parameters</h1><p>In addition to the TLS Parameters common to both Clients and
Servers, there are some parameters that are <a shape="rect"
class="external-link"
href="https://svn.apache.org/repos/asf/cxf/trunk/core/src/main/java/org/apache/cxf/configuration/jsse/TLSClientParameters.java";>specific</a>
to Clients:</p><div class="table-wrap"><table class="wrapped
confluenceTable"><colgroup span="1"><col span="1"><col span="1"><col
span="1"></colgroup><tbody><tr><th colspan="1" rowspan="1"
class="confluenceTh"><p>Attribute</p></th><th colspan="1" rowspan="1"
class="confluenceTh"><p>Default</p></th><th colspan="1" rowspan="1"
class="confluenceTh"><p>Description</p></th></tr><tr><td colspan="1"
rowspan="1" class="confluenceTd"><p>disableCNCheck</p></td><td colspan="1"
rowspan="1" class="confluenceTd"><p>false</p></td><td colspan="1" rowspan="1"
class="confluenceTd"><p>Indicates whether that the hostname given in the HTTP
S URL will be checked against the service's Common Name (CN) given in its
certificate during requests, and failing if there is a mismatch. If set to true
(not recommended for production use), such checks will be bypassed. That will
allow you, for example, to use a URL such as localhost during
development.</p></td></tr><tr><td colspan="1" rowspan="1"
class="confluenceTd"><p>sslSocketFactory</p></td><td colspan="1" rowspan="1"
class="confluenceTd"><p><br clear="none"></p></td><td colspan="1" rowspan="1"
class="confluenceTd"><p>A SSLSocketFactory to use. All other bean properties
are ignored if this is set.</p></td></tr><tr><td colspan="1" rowspan="1"
class="confluenceTd"><p>sslCacheTimeout</p></td><td colspan="1" rowspan="1"
class="confluenceTd"><p>86400 seconds (24 hours)</p></td><td colspan="1"
rowspan="1" class="confluenceTd"><p>SSL Cache Timeout in
seconds.</p></td></tr><tr><td colspan="1" rowspan="1"
class="confluenceTd"><p>useHttpsURLConnectionDefaultSslSocketFactory</p></td><td
colspan="1" rowspan="1" class="confluenceTd"><p>false</p></td><td colspan="1"
rowspan="1" class="confluenceTd"><p>This attribute specifies if <a shape="rect"
class="external-link"
href="http://java.sun.com/javase/6/docs/api/javax/net/ssl/HttpsURLConnection.html#getDefaultSSLSocketFactory()"
rel="nofollow">HttpsURLConnection.getDefaultSSLSocketFactory()</a> should be
used to create https connections. If 'true', 'jsseProvider',
'secureSocketProtocol', 'trustManagers', 'keyManagers', 'secureRandom',
'cipherSuites' and 'cipherSuitesFilter' configuration parameters are
ignored.</p></td></tr><tr><td colspan="1" rowspan="1"
class="confluenceTd"><p>useHttpsURLConnectionDefaultHostnameVerifier</p></td><td
colspan="1" rowspan="1" class="confluenceTd"><p>false</p></td><td colspan="1"
rowspan="1" class="confluenceTd"><p>This attribute specifies if <a shape="rect"
class="external-link"
href="http://java.sun.com/javase/6/docs/api/javax/net/ssl/HttpsURLConnection.html#getDefaultHostnameVerifier()
" rel="nofollow">HttpsURLConnection.getDefaultHostnameVerifier()</a> should be
used to create https connections. If 'true', 'disableCNCheck' configuration
parameter is ignored.</p></td></tr><tr><td colspan="1" rowspan="1"
class="confluenceTd">hostnameVerifier</td><td colspan="1" rowspan="1"
class="confluenceTd"><br clear="none"></td><td colspan="1" rowspan="1"
class="confluenceTd">A custom HostnameVerifier instance to use</td></tr><tr><td
colspan="1" rowspan="1" class="confluenceTd">serverNames</td><td colspan="1"
rowspan="1" class="confluenceTd"><br clear="none"></td><td colspan="1"
rowspan="1" class="confluenceTd">This element holds the list of SNI server
names (since <span class="shorten"> 4.1.5 / 3.6.10 /
4.0.11</span>)</td></tr></tbody></table></div><h2
id="TLSConfiguration-DisableCNCheck">Disable CN
Check</h2><p><code>disableCNCheck</code> is a parameterized boolean, you can
use a fixed variable <code>true</code>|<code>false</code> as well as a <a
shape="rect" class="exte
rnal-link"
href="http://static.springsource.org/spring/docs/3.0.x/spring-framework-reference/html/beans.html#beans-factory-placeholderconfigurer";
rel="nofollow">Spring externalized property</a> variable (e.g.
<code>${disable-https-hostname-verification</code>}) or a <a shape="rect"
class="external-link"
href="http://static.springsource.org/spring/docs/3.0.x/spring-framework-reference/html/expressions.html#expressions-beandef";
rel="nofollow">Spring expression</a> (e.g.
<code>#{systemProperties['dev-mode']</code>}).</p><div class="code panel pdl"
style="border-width: 1px;"><div class="codeHeader panelHeader pdl"
style="border-bottom-width: 1px;"><b>HTTP conduit configuration disabling HTTP
URL hostname verification (usage of localhost, etc)</b></div><div
class="codeContent panelContent pdl">
<pre class="brush: xml; gutter: false; theme: Default"> <!-- deactivate
HTTPS url hostname verification (localhost, etc) -->
<!-- WARNING ! disableCNcheck=true should NOT be used in production
-->
<http-conf:tlsClientParameters disableCNCheck="true" />
![https://www.apache.org/events/current-event-125x125.png"](https://www.apache.org/events/current-event-125x125.png"){kind=link}