I added following code to set Cipher Suites Filter, but nothing
changing.
TLSClientParameters tlsParams = new TLSClientParameters(); //8
tlsParams.setTrustManagers(tlsParams.getTrustManagers());
FiltersType filters = new FiltersType();
filters.getInclude().add(".*_EXPORT_.*");
filters.getInclude().add(".*_EXPORT1024_.*");
filters.getInclude().add(".*_WITH_DES_.*");
filters.getInclude().add(".*_WITH_NULL_.*");
filters.getInclude().add(".*_DH_anon_.*");
filters.getInclude().add("SSL_RSA_WITH_RC4_128_MD5");
filters.getInclude().add("SSL_RSA_WITH_RC4_128_SHA");
tlsParams.setCipherSuitesFilter(filters);
Mar 30, 2008 3:49:43 PM org.apache.cxf.transport.https.SSLUtils
getCiphersuites
INFO: The cipher suites have not been configured, falling back to cipher
suite filters.
Mar 30, 2008 3:49:43 PM org.apache.cxf.transport.https.SSLUtils
getCiphersFromList
INFO: The cipher suites have been set to SSL_RSA_WITH_RC4_128_MD5,
SSL_RSA_WITH_RC4_128_SHA, SSL_RSA_WITH_DES_CBC_SHA,
SSL_DHE_RSA_WITH_DES_CBC_SHA, SSL_DHE_DSS_WITH_DES_CBC_SHA,
SSL_RSA_EXPORT_WITH_RC4_40_MD5, SSL_RSA_EXPORT_WITH_DES40_CBC_SHA,
SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA,
SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA, SSL_RSA_WITH_NULL_MD5,
SSL_RSA_WITH_NULL_SHA, SSL_DH_anon_WITH_RC4_128_MD5,
TLS_DH_anon_WITH_AES_128_CBC_SHA, SSL_DH_anon_WITH_3DES_EDE_CBC_SHA,
SSL_DH_anon_WITH_DES_CBC_SHA, SSL_DH_anon_EXPORT_WITH_RC4_40_MD5,
SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA, TLS_KRB5_WITH_DES_CBC_SHA,
TLS_KRB5_WITH_DES_CBC_MD5, TLS_KRB5_EXPORT_WITH_RC4_40_SHA,
TLS_KRB5_EXPORT_WITH_RC4_40_MD5, TLS_KRB5_EXPORT_WITH_DES_CBC_40_SHA,
TLS_KRB5_EXPORT_WITH_DES_CBC_40_MD5.
Mar 30, 2008 3:49:45 PM org.apache.cxf.phase.PhaseInterceptorChain
doIntercept
INFO: Interceptor has thrown exception, unwinding now
org.apache.cxf.interceptor.Fault: Connection refused: connect
at
org.apache.cxf.interceptor.AbstractOutDatabindingInterceptor.writeParts(
AbstractOutDatabindingInterceptor.java:75)
at
org.apache.cxf.interceptor.BareOutInterceptor.handleMessage(BareOutInter
ceptor.java:68)
at
org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorC
hain.java:220)
at
org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:276)
at
org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:222)
at
org.apache.cxf.frontend.ClientProxy.invokeSync(ClientProxy.java:73)
at
org.apache.cxf.frontend.ClientProxy.invoke(ClientProxy.java:68)
at $Proxy15.sayHi(Unknown Source)
at
cxf_client.TestFromSSLClientExample.TestClient(TestFromSSLClientExample.
java:107)
at
cxf_client.TestFromSSLClientExample.main(TestFromSSLClientExample.java:3
2)
Caused by: com.ctc.wstx.exc.WstxIOException: Connection refused: connect
at
com.ctc.wstx.sw.BaseStreamWriter.flush(BaseStreamWriter.java:313)
at
org.apache.cxf.interceptor.AbstractOutDatabindingInterceptor.writeParts(
AbstractOutDatabindingInterceptor.java:73)
... 9 more
Caused by: java.net.ConnectException: Connection refused: connect
at java.net.PlainSocketImpl.socketConnect(Native Method)
at java.net.PlainSocketImpl.doConnect(PlainSocketImpl.java:333)
at
java.net.PlainSocketImpl.connectToAddress(PlainSocketImpl.java:195)
at java.net.PlainSocketImpl.connect(PlainSocketImpl.java:182)
at java.net.Socket.connect(Socket.java:507)
at sun.net.NetworkClient.doConnect(NetworkClient.java:152)
at sun.net.www.http.HttpClient.openServer(HttpClient.java:365)
at sun.net.www.http.HttpClient.openServer(HttpClient.java:477)
at
sun.net.www.protocol.https.HttpsClient.<init>(HttpsClient.java:280)
at
sun.net.www.protocol.https.HttpsClient.New(HttpsClient.java:337)
at
sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.getNewHttp
Client(AbstractDelegateHttpsURLConnection.java:176)
at
sun.net.www.protocol.http.HttpURLConnection.plainConnect(HttpURLConnecti
on.java:744)
at
sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(Ab
stractDelegateHttpsURLConnection.java:162)
at
sun.net.www.protocol.http.HttpURLConnection.getOutputStream(HttpURLConne
ction.java:836)
at
sun.net.www.protocol.https.HttpsURLConnectionImpl.getOutputStream(HttpsU
RLConnectionImpl.java:230)
at
org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleHead
ersTrustCaching(HTTPConduit.java:1787)
at
org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.onFirstWri
te(HTTPConduit.java:1755)
at
org.apache.cxf.io.AbstractWrappedOutputStream.write(AbstractWrappedOutpu
tStream.java:42)
at com.ctc.wstx.io.UTF8Writer.flush(UTF8Writer.java:96)
at
com.ctc.wstx.sw.BufferingXmlWriter.flush(BufferingXmlWriter.java:214)
at
com.ctc.wstx.sw.BaseStreamWriter.flush(BaseStreamWriter.java:311)
... 10 more
Hit uncaught exception org.apache.cxf.interceptor.Fault
-----Original Message-----
From: Daniel Kulp [mailto:[EMAIL PROTECTED]
Sent: Saturday, March 29, 2008 12:02 AM
To: [email protected]
Cc: Alpin, Luba
Subject: Re: Client can't communicate with CXE Server when using SSl
(used ServerFactoryBean/ClientProxyFactoryBean) jetty container, java
configuration
Looking at the cipher suites, it looks like only the export grade suites
are being selected (thus, none of the 128bit suites). The service may
be requiring one of those. You could configure the cipher suites on
the client to add in all the other suites.
The other option would be to test it with the 2.0.5 build.
http://people.apache.org/~dkulp/stage_cxf/2.0.5-incubator/
2.0.5 sets up a much more sensible set of ciphers.
Dan
On Thursday 27 March 2008, Alpin, Luba wrote:
> Any help will be very appreciated.
>
> This is an exception:
>
> Mar 27, 2008 11:28:21 AM org.apache.cxf.transport.https.SSLUtils
> getCiphersuites
>
> INFO: The cipher suites have not been configured, falling back to
> cipher suite filters.
>
> Mar 27, 2008 11:28:21 AM org.apache.cxf.transport.https.SSLUtils
> getCiphersuites
>
> INFO: The cipher suite filters have not been configured, falling back
> to default filters.
>
> Mar 27, 2008 11:28:21 AM org.apache.cxf.transport.https.SSLUtils
> getCiphersFromList
>
> INFO: The cipher suites have been set to SSL_RSA_WITH_DES_CBC_SHA,
> SSL_DHE_RSA_WITH_DES_CBC_SHA, SSL_DHE_DSS_WITH_DES_CBC_SHA,
> SSL_RSA_EXPORT_WITH_RC4_40_MD5, SSL_RSA_EXPORT_WITH_DES40_CBC_SHA,
> SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA,
> SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA, SSL_RSA_WITH_NULL_MD5,
> SSL_RSA_WITH_NULL_SHA, SSL_DH_anon_WITH_DES_CBC_SHA,
> SSL_DH_anon_EXPORT_WITH_RC4_40_MD5,
> SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA, TLS_KRB5_WITH_DES_CBC_SHA,
> TLS_KRB5_WITH_DES_CBC_MD5, TLS_KRB5_EXPORT_WITH_RC4_40_SHA,
> TLS_KRB5_EXPORT_WITH_RC4_40_MD5, TLS_KRB5_EXPORT_WITH_DES_CBC_40_SHA,
> TLS_KRB5_EXPORT_WITH_DES_CBC_40_MD5.
>
> Mar 27, 2008 11:28:21 AM org.apache.cxf.transport.http.HTTPConduit
> prepare
>
> INFO: AutoRedirect is turned on.
>
> Mar 27, 2008 11:28:25 AM org.apache.cxf.phase.PhaseInterceptorChain
> doIntercept
>
> INFO: Interceptor has thrown exception, unwinding now
>
> org.apache.cxf.interceptor.Fault: Could not send Message.
>
> at
> org.apache.cxf.interceptor.MessageSenderInterceptor$MessageSenderEndin
>gI nterceptor.handleMessage(MessageSenderInterceptor.java:64)
>
> at
> org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseIntercepto
>rC hain.java:208)
>
> at
> org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:276)
>
> at
> org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:222)
>
> at
> org.apache.cxf.frontend.ClientProxy.invokeSync(ClientProxy.java:73)
>
> at
> org.apache.cxf.frontend.ClientProxy.invoke(ClientProxy.java:68)
>
> at $Proxy15.sayHi1(Unknown Source)
>
> at cxf_client.TestClient.testSSL(TestClient.java:677)
>
> at cxf_client.TestClient.main(TestClient.java:131)
>
> Caused by: java.io.IOException: Not Found
>
> at
> org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleRe
>sp onse(HTTPConduit.java:1888)
>
> at
> org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.close(HT
>TP Conduit.java:1791)
>
> at
> org.apache.cxf.transport.AbstractConduit.close(AbstractConduit.java:66
>)
>
> at
> org.apache.cxf.transport.http.HTTPConduit.close(HTTPConduit.java:575)
>
> at
> org.apache.cxf.interceptor.MessageSenderInterceptor$MessageSenderEndin
>gI nterceptor.handleMessage(MessageSenderInterceptor.java:62)
>
> ... 8 more
>
> Hit uncaught exception org.apache.cxf.interceptor.Fault
--
J. Daniel Kulp
Principal Engineer, IONA
[EMAIL PROTECTED]
http://www.dankulp.com/blog
