We can't pass ciphers to NIO or Passthru transport as we do in Servlet Transport. The provided functionality to specify the SSLProtocol to make javax.net.ssl.SSLContext. The default is "TLS".
Jeewantha On Fri, Aug 30, 2013 at 5:48 PM, Reka Thirunavukkarasu <[email protected]>wrote: > Hi > > > On Mon, Jul 29, 2013 at 5:12 PM, Jeewantha Dharmaparakrama < > [email protected]> wrote: > >> To get SSL context when making an HTTPS connection you need to do this. >> >> javax.net.ssl.SSLContext sslcontext = >> javax.net.ssl.SSLContext.getInstance("TLS"); >> >> This depends on the JVM. For example on IBM JVM, it should be >> SSLContext.getInstance("SSL_TLS"); [1] >> > > For the oracle jdk, how do we specify the SSLv3 in the NIO transport? As > mentioned by Isuru, we need to pass ciphers as well in order to disable > weak and medium cipher strength. > > After configuring the SSLv3 with ciphers, servlet transport is working > fine. So how can we do the same in NIO transport for oracle JDK? > > Thanks, > Reka > > >> [1] >> http://publib.boulder.ibm.com/infocenter/javasdk/v6r0/index.jsp?topic=%2Fcom.ibm.java.security.component.doc%2Fsecurity-component%2Fjsse2Docs%2Fsslcontext.html >> >> >> On Fri, Jul 26, 2013 at 11:06 AM, Isuru Perera <[email protected]> wrote: >> >>> Hi, >>> >>> When comparing with Tomcat configuration options for SSL [1], it seems >>> that the SSL transports for ESB lacks support for many important >>> configurations. >>> >>> AFAIK, the option to specify SSL protocol only introduced in ESB 4.7.0. >>> >>> On Wed, Jul 24, 2013 at 10:53 AM, Isuru Perera <[email protected]> wrote: >>> >>>> >>>> Hi, >>>> >>>> On Tue, Jul 23, 2013 at 12:54 PM, Ramith Jayasinghe >>>> <[email protected]>wrote: >>>> >>>>> So now whats the purpose of "HttpsProtocols" which is also configured >>>>> in axis2.xml (for esb) ? >>>>> >>>> Could someone from ESB team please give an answer for this? >>>> >>> This configuration is to specify SSL protocol for HTTP transport of >> Synapse. What we specify in tomcat configuration is for the sevlet >> transport. >> >>> >>> I think we really need to revisit the SSL transport configurations and >>> properly document those. >>> >>> [1] http://tomcat.apache.org/tomcat-7.0-doc/config/http.html#SSL_Support >>> >>>> >>>>> >>>>> On Tue, Jul 23, 2013 at 12:14 PM, Isuru Perera <[email protected]>wrote: >>>>> >>>>>> Hi all, >>>>>> >>>>>> Thanks Miyuru and Ramith for the information. >>>>>> >>>>>> This is fixed in ESB 4.7.0 with ESBJAVA-2029 [1]. >>>>>> >>>>>> The change is to add a parameter as follows. (I couldn't find about >>>>>> this in ESB Docs!) >>>>>> >>>>>> <parameter name="SSLProtocol">...</parameter> >>>>>> >>>>>> I still have a doubt whether this can be used to achieve >>>>>> StackOverflow user's requirement as there is no place to specify >>>>>> "ciphers" >>>>>> parameter. >>>>>> >>>>>> Appreciate any guidance on this. >>>>>> >>>>>> Thanks! >>>>>> >>>>>> [1] https://wso2.org/jira/browse/ESBJAVA-2029 >>>>>> >>>>>> >>>>>> On Tue, Jul 23, 2013 at 9:10 AM, Isuru Perera <[email protected]>wrote: >>>>>> >>>>>>> Hi, >>>>>>> >>>>>>> This is regarding StackOverflow question [1]. >>>>>>> >>>>>>> Basically the user needs to configure sslProtocol + other parameters >>>>>>> as defined in Tomcat connector [2]. >>>>>>> >>>>>>> I gave a quick answer by looking at the docs. I informed that those >>>>>>> parameters can be specified in HTTPS Servlet Transport since it is >>>>>>> based on >>>>>>> the Tomcat connector. >>>>>>> >>>>>>> Please let me know how to achieve similar SSL configuration in NHTTP >>>>>>> or PassThrough transport. >>>>>>> >>>>>>> Thanks! >>>>>>> >>>>>>> [1] >>>>>>> http://stackoverflow.com/questions/17752636/wso2-esb-4-0-3-how-to-specify-sslprotocol-parameter-for-transport-listner-http >>>>>>> [2] http://tomcat.apache.org/tomcat-7.0-doc/config/http.html >>>>>>> >>>>>>> -- >>>>>>> Isuru Perera >>>>>>> Senior Software Engineer | WSO2, Inc. | http://wso2.com/ >>>>>>> Lean . Enterprise . Middleware >>>>>>> >>>>>>> Twitter: http://twitter.com/chrishantha | LinkedIn: >>>>>>> http://lk.linkedin.com/in/chrishantha/ >>>>>>> >>>>>> >>>>>> >>>>>> >>>>>> -- >>>>>> Isuru Perera >>>>>> Senior Software Engineer | WSO2, Inc. | http://wso2.com/ >>>>>> Lean . Enterprise . Middleware >>>>>> >>>>>> Twitter: http://twitter.com/chrishantha | LinkedIn: >>>>>> http://lk.linkedin.com/in/chrishantha/ >>>>>> >>>>>> _______________________________________________ >>>>>> Dev mailing list >>>>>> [email protected] >>>>>> http://wso2.org/cgi-bin/mailman/listinfo/dev >>>>>> >>>>>> >>>>> >>>>> >>>>> -- >>>>> Ramith Jayasinghe >>>>> Technical Lead >>>>> WSO2 Inc., http://wso2.com >>>>> lean.enterprise.middleware >>>>> >>>>> E: [email protected] >>>>> P: +94 776715671 >>>>> >>>>> >>>> >>>> >>>> -- >>>> Isuru Perera >>>> Senior Software Engineer | WSO2, Inc. | http://wso2.com/ >>>> Lean . Enterprise . Middleware >>>> >>>> Twitter: http://twitter.com/chrishantha | LinkedIn: >>>> http://lk.linkedin.com/in/chrishantha/ >>>> >>> >>> >>> >>> -- >>> Isuru Perera >>> Senior Software Engineer | WSO2, Inc. | http://wso2.com/ >>> Lean . Enterprise . Middleware >>> >>> Twitter: http://twitter.com/chrishantha | LinkedIn: >>> http://lk.linkedin.com/in/chrishantha/ >>> >>> _______________________________________________ >>> Dev mailing list >>> [email protected] >>> http://wso2.org/cgi-bin/mailman/listinfo/dev >>> >>> >> >> >> -- >> Jeewantha Dharmaparakrama >> >> Software Engineer; WSO2, Inc.; http://wso2.com/ >> >> Phone : (+94) 774726790 >> Skype : prasad.jeewantha >> LinkedIn : http://www.linkedin.com/in/jeewanthad >> Twitter: https://twitter.com/jeewamp >> Blog: http://jeewanthad.blogspot.com/ >> >> _______________________________________________ >> Dev mailing list >> [email protected] >> http://wso2.org/cgi-bin/mailman/listinfo/dev >> >> > > > -- > Reka Thirunavukkarasu > Software Engineer, > WSO2, Inc.:http://wso2.com, > > -- Jeewantha Dharmaparakrama Software Engineer; WSO2, Inc.; http://wso2.com/ Phone : (+94) 774726790 Skype : prasad.jeewantha LinkedIn : http://www.linkedin.com/in/jeewanthad Twitter: https://twitter.com/jeewamp Blog: http://jeewanthad.blogspot.com/
_______________________________________________ Dev mailing list [email protected] http://wso2.org/cgi-bin/mailman/listinfo/dev
