Author: buildbot
Date: Wed Nov 5 17:47:14 2014
New Revision: 928047
Log:
Production update by buildbot for cxf
Modified:
websites/production/cxf/content/cache/docs.pageCache
websites/production/cxf/content/docs/tls-configuration.html
Modified: websites/production/cxf/content/cache/docs.pageCache
==============================================================================
Binary files - no diff available.
Modified: websites/production/cxf/content/docs/tls-configuration.html
==============================================================================
--- websites/production/cxf/content/docs/tls-configuration.html (original)
+++ websites/production/cxf/content/docs/tls-configuration.html Wed Nov 5
17:47:14 2014
@@ -117,11 +117,11 @@ Apache CXF -- TLS Configuration
<!-- Content -->
<div class="wiki-content">
<div id="ConfluenceContent"><p><style type="text/css">/*<![CDATA[*/
-div.rbtoc1413819986046 {padding: 0px;}
-div.rbtoc1413819986046 ul {list-style: disc;margin-left: 0px;}
-div.rbtoc1413819986046 li {margin-left: 0px;padding-left: 0px;}
+div.rbtoc1415209606058 {padding: 0px;}
+div.rbtoc1415209606058 ul {list-style: disc;margin-left: 0px;}
+div.rbtoc1415209606058 li {margin-left: 0px;padding-left: 0px;}
-/*]]>*/</style></p><div class="toc-macro rbtoc1413819986046">
+/*]]>*/</style></p><div class="toc-macro rbtoc1415209606058">
<ul class="toc-indentation"><li><a shape="rect"
href="#TLSConfiguration-TLSParameterscommontobothClientsandServers">TLS
Parameters common to both Clients and Servers</a>
<ul class="toc-indentation"><li><a shape="rect"
href="#TLSConfiguration-KeyManagers">Key Managers</a></li><li><a shape="rect"
href="#TLSConfiguration-TrustManagers">Trust Managers</a></li><li><a
shape="rect" href="#TLSConfiguration-CipherSuitesFilter">CipherSuites
Filter</a></li><li><a shape="rect"
href="#TLSConfiguration-CertConstraints">Cert Constraints</a></li></ul>
</li><li><a shape="rect" href="#TLSConfiguration-ClientTLSParameters">Client
TLS Parameters</a>
@@ -129,7 +129,7 @@ div.rbtoc1413819986046 li {margin-left:
</li><li><a shape="rect" href="#TLSConfiguration-ServerTLSParameters">Server
TLS Parameters</a>
<ul class="toc-indentation"><li><a shape="rect"
href="#TLSConfiguration-ClientAuthentication">Client
Authentication</a></li></ul>
</li></ul>
-</div><h1 id="TLSConfiguration-TLSParameterscommontobothClientsandServers">TLS
Parameters common to both Clients and Servers</h1><p>The TLS Parameters common
to both Clients and Servers are given <a shape="rect" class="external-link"
href="https://svn.apache.org/repos/asf/cxf/trunk/core/src/main/java/org/apache/cxf/configuration/jsse/TLSParameterBase.java";>here</a>:</p><div
class="table-wrap"><table class="confluenceTable"><tbody><tr><th colspan="1"
rowspan="1" class="confluenceTh"><p>Attribute</p></th><th colspan="1"
rowspan="1" class="confluenceTh"><p>Default</p></th><th colspan="1" rowspan="1"
class="confluenceTh"><p>Description</p></th></tr><tr><td colspan="1"
rowspan="1" class="confluenceTd"><p><code>keyManagers</code></p></td><td
colspan="1" rowspan="1" class="confluenceTd"><p>JVM default Key
Managers</p></td><td colspan="1" rowspan="1" class="confluenceTd"><p>Key
Managers to hold X509 certificates.</p></td></tr><tr><td colspan="1"
rowspan="1" class="confluenceTd"><p><code>tru
stManagers</code></p></td><td colspan="1" rowspan="1"
class="confluenceTd"><p>JVM default Trust Managers</p></td><td colspan="1"
rowspan="1" class="confluenceTd"><p>TrustManagers to validate peer X509
certificates.</p></td></tr><tr><td colspan="1" rowspan="1"
class="confluenceTd"><p><code>jsseProvider</code></p></td><td colspan="1"
rowspan="1" class="confluenceTd"><p>JVM default provider associated with
protocol</p></td><td colspan="1" rowspan="1" class="confluenceTd"><p>JSSE
provider name.</p></td></tr><tr><td colspan="1" rowspan="1"
class="confluenceTd"><p><code>cipherSuites</code></p></td><td colspan="1"
rowspan="1" class="confluenceTd"><p>JVM default cipher suites</p></td><td
colspan="1" rowspan="1" class="confluenceTd"><p>CipherSuites that will be
supported.</p></td></tr><tr><td colspan="1" rowspan="1"
class="confluenceTd"><p><code>cipherSuitesFilter</code></p></td><td colspan="1"
rowspan="1" class="confluenceTd"><p> </p></td><td colspan="1" rowspan="1"
class="confluenceTd
"><p>filters of the supported CipherSuites that will be supported and used if
available.</p></td></tr><tr><td colspan="1" rowspan="1"
class="confluenceTd"><p><code>certConstraints</code></p></td><td colspan="1"
rowspan="1" class="confluenceTd"><p> </p></td><td colspan="1" rowspan="1"
class="confluenceTd"><p>Certificate Constraints
specification.</p></td></tr><tr><td colspan="1" rowspan="1"
class="confluenceTd"><p><code>secureRandomParameters</code></p></td><td
colspan="1" rowspan="1" class="confluenceTd"><p>JVM default Secure
Random</p></td><td colspan="1" rowspan="1" class="confluenceTd"><p>SecureRandom
specification.</p></td></tr><tr><td colspan="1" rowspan="1"
class="confluenceTd"><p><code>secureSocketProtocol</code></p></td><td
colspan="1" rowspan="1" class="confluenceTd"><p>"TLS"</p></td><td colspan="1"
rowspan="1" class="confluenceTd"><p>Protocol Name. Most common example are
"SSL", "TLS" or "TLSv1".</p></td></tr><tr><td colspan="1" rowspan="1"
class="confluenceTd"><p><co
de>certAlias</code></p></td><td colspan="1" rowspan="1"
class="confluenceTd"><p> </p></td><td colspan="1" rowspan="1"
class="confluenceTd"><p>Cert alias to use. Useful when keystore has multiple
certs.</p></td></tr></tbody></table></div><p> </p><p>Note that from CXF
3.0.3 and 2.7.14, the SSLv3 protocol is disabled on the service side (if Jetty
is used) unless "SSLv3" is explicitly specified for the "secureSocketProtocol"
parameter.</p><h2 id="TLSConfiguration-KeyManagers">Key Managers</h2><p>The Key
Managers configuration item is used to retrieve key information. It is required
for a Server, but is only required for a Client when the Server requires Client
Authentication.</p><div class="code panel pdl" style="border-width: 1px;"><div
class="codeHeader panelHeader pdl" style="border-bottom-width: 1px;"><b>Key
Manager sample</b></div><div class="codeContent panelContent pdl">
+</div><h1 id="TLSConfiguration-TLSParameterscommontobothClientsandServers">TLS
Parameters common to both Clients and Servers</h1><p>The TLS Parameters common
to both Clients and Servers are given <a shape="rect" class="external-link"
href="https://svn.apache.org/repos/asf/cxf/trunk/core/src/main/java/org/apache/cxf/configuration/jsse/TLSParameterBase.java";>here</a>:</p><div
class="table-wrap"><table class="confluenceTable"><tbody><tr><th colspan="1"
rowspan="1" class="confluenceTh"><p>Attribute</p></th><th colspan="1"
rowspan="1" class="confluenceTh"><p>Default</p></th><th colspan="1" rowspan="1"
class="confluenceTh"><p>Description</p></th></tr><tr><td colspan="1"
rowspan="1" class="confluenceTd"><p><code>keyManagers</code></p></td><td
colspan="1" rowspan="1" class="confluenceTd"><p>JVM default Key
Managers</p></td><td colspan="1" rowspan="1" class="confluenceTd"><p>Key
Managers to hold X509 certificates.</p></td></tr><tr><td colspan="1"
rowspan="1" class="confluenceTd"><p><code>tru
stManagers</code></p></td><td colspan="1" rowspan="1"
class="confluenceTd"><p>JVM default Trust Managers</p></td><td colspan="1"
rowspan="1" class="confluenceTd"><p>TrustManagers to validate peer X509
certificates.</p></td></tr><tr><td colspan="1" rowspan="1"
class="confluenceTd"><p><code>jsseProvider</code></p></td><td colspan="1"
rowspan="1" class="confluenceTd"><p>JVM default provider associated with
protocol</p></td><td colspan="1" rowspan="1" class="confluenceTd"><p>JSSE
provider name.</p></td></tr><tr><td colspan="1" rowspan="1"
class="confluenceTd"><p><code>cipherSuites</code></p></td><td colspan="1"
rowspan="1" class="confluenceTd"><p>JVM default cipher suites</p></td><td
colspan="1" rowspan="1" class="confluenceTd"><p>CipherSuites that will be
supported.</p></td></tr><tr><td colspan="1" rowspan="1"
class="confluenceTd"><p><code>cipherSuitesFilter</code></p></td><td colspan="1"
rowspan="1" class="confluenceTd"><p> </p></td><td colspan="1" rowspan="1"
class="confluenceTd
"><p>filters of the supported CipherSuites that will be supported and used if
available.</p></td></tr><tr><td colspan="1" rowspan="1"
class="confluenceTd"><p><code>certConstraints</code></p></td><td colspan="1"
rowspan="1" class="confluenceTd"><p> </p></td><td colspan="1" rowspan="1"
class="confluenceTd"><p>Certificate Constraints
specification.</p></td></tr><tr><td colspan="1" rowspan="1"
class="confluenceTd"><p><code>secureRandomParameters</code></p></td><td
colspan="1" rowspan="1" class="confluenceTd"><p>JVM default Secure
Random</p></td><td colspan="1" rowspan="1" class="confluenceTd"><p>SecureRandom
specification.</p></td></tr><tr><td colspan="1" rowspan="1"
class="confluenceTd"><p><code>secureSocketProtocol</code></p></td><td
colspan="1" rowspan="1" class="confluenceTd"><p>"TLS"</p></td><td colspan="1"
rowspan="1" class="confluenceTd"><p>Protocol Name. Most common example are
"SSL", "TLS" or "TLSv1".</p></td></tr><tr><td colspan="1" rowspan="1"
class="confluenceTd"><p><co
de>certAlias</code></p></td><td colspan="1" rowspan="1"
class="confluenceTd"><p> </p></td><td colspan="1" rowspan="1"
class="confluenceTd"><p>Cert alias to use. Useful when keystore has multiple
certs.</p></td></tr></tbody></table></div><p> </p><p>Note that from CXF
3.0.3 and 2.7.14, the SSLv3 protocol is disabled on the client side, and on the
service side (if Jetty is used), unless "SSLv3" is explicitly specified for the
"secureSocketProtocol" parameter.</p><h2 id="TLSConfiguration-KeyManagers">Key
Managers</h2><p>The Key Managers configuration item is used to retrieve key
information. It is required for a Server, but is only required for a Client
when the Server requires Client Authentication.</p><div class="code panel pdl"
style="border-width: 1px;"><div class="codeHeader panelHeader pdl"
style="border-bottom-width: 1px;"><b>Key Manager sample</b></div><div
class="codeContent panelContent pdl">
<script class="theme: Default; brush: xml; gutter: false"
type="syntaxhighlighter"><![CDATA[ <httpj:tlsServerParameters>
...
<sec:keyManagers keyPassword="stskpass">
@@ -181,7 +181,7 @@ div.rbtoc1413819986046 li {margin-left:
<http-conf:tlsClientParameters disableCNCheck="true" />
...
]]></script>
-</div></div><h1 id="TLSConfiguration-ServerTLSParameters">Server TLS
Parameters</h1><p>In addition to the TLS Parameters common to both Clients and
Servers, there are some parameters that are <a shape="rect"
class="external-link"
href="https://svn.apache.org/repos/asf/cxf/trunk/core/src/main/java/org/apache/cxf/configuration/jsse/TLSServerParameters.java";>specific</a>
to Servers:</p><div class="table-wrap"><table
class="confluenceTable"><tbody><tr><th colspan="1" rowspan="1"
class="confluenceTh"><p>Attribute</p></th><th colspan="1" rowspan="1"
class="confluenceTh"><p>Default</p></th><th colspan="1" rowspan="1"
class="confluenceTh"><p>Description</p></th></tr><tr><td colspan="1"
rowspan="1"
class="confluenceTd"><p><code>clientAuthentication</code></p></td><td
colspan="1" rowspan="1" class="confluenceTd"><p>Not "wanted" or
"required"</p></td><td colspan="1" rowspan="1" class="confluenceTd"><p>Allows
you to configure whether client authentication is "wanted" and/or
"required.</p></td><
/tr></tbody></table></div><h2
id="TLSConfiguration-ClientAuthentication">Client Authentication</h2><p>This
allows you to define whether client authentication is wanted and/or
required.</p><div class="code panel pdl" style="border-width: 1px;"><div
class="codeHeader panelHeader pdl" style="border-bottom-width: 1px;"><b>Client
Authentication sample</b></div><div class="codeContent panelContent pdl">
+</div></div><h1 id="TLSConfiguration-ServerTLSParameters">Server TLS
Parameters</h1><p>In addition to the TLS Parameters common to both Clients and
Servers, there are some parameters that are <a shape="rect"
class="external-link"
href="https://svn.apache.org/repos/asf/cxf/trunk/core/src/main/java/org/apache/cxf/configuration/jsse/TLSServerParameters.java";>specific</a>
to Servers:</p><div class="table-wrap"><table
class="confluenceTable"><tbody><tr><th colspan="1" rowspan="1"
class="confluenceTh"><p>Attribute</p></th><th colspan="1" rowspan="1"
class="confluenceTh"><p>Default</p></th><th colspan="1" rowspan="1"
class="confluenceTh"><p>Description</p></th></tr><tr><td colspan="1"
rowspan="1"
class="confluenceTd"><p><code>clientAuthentication</code></p></td><td
colspan="1" rowspan="1" class="confluenceTd"><p>Not "wanted" or
"required"</p></td><td colspan="1" rowspan="1" class="confluenceTd"><p>Allows
you to configure whether client authentication is "wanted" and/or
"required.</p></td><
/tr><tr><td colspan="1" rowspan="1"
class="confluenceTd">excludeProtocols</td><td colspan="1" rowspan="1"
class="confluenceTd">SSLv3 is disabled by default for Jetty from CXF 3.0.3 +
2.7.14</td><td colspan="1" rowspan="1" class="confluenceTd">The TLS protocols
to exclude.</td></tr></tbody></table></div><h2
id="TLSConfiguration-ClientAuthentication">Client Authentication</h2><p>This
allows you to define whether client authentication is wanted and/or
required.</p><div class="code panel pdl" style="border-width: 1px;"><div
class="codeHeader panelHeader pdl" style="border-bottom-width: 1px;"><b>Client
Authentication sample</b></div><div class="codeContent panelContent pdl">
<script class="theme: Default; brush: xml; gutter: false"
type="syntaxhighlighter"><