tls-configuration.html

buildbot Tue, 09 Dec 2014 09:47:19 -0800

Author: buildbot
Date: Tue Dec  9 17:46:49 2014
New Revision: 932006

Log:
Production update by buildbot for cxf


Modified:
    websites/production/cxf/content/cache/docs.pageCache
    websites/production/cxf/content/docs/tls-configuration.html

Modified: websites/production/cxf/content/cache/docs.pageCache
==============================================================================
Binary files - no diff available.

Modified: websites/production/cxf/content/docs/tls-configuration.html
==============================================================================
--- websites/production/cxf/content/docs/tls-configuration.html (original)
+++ websites/production/cxf/content/docs/tls-configuration.html Tue Dec  9 
17:46:49 2014
@@ -117,11 +117,11 @@ Apache CXF -- TLS Configuration
            <!-- Content -->
            <div class="wiki-content">
 <div id="ConfluenceContent"><p><style type="text/css">/*<![CDATA[*/
-div.rbtoc1415209606058 {padding: 0px;}
-div.rbtoc1415209606058 ul {list-style: disc;margin-left: 0px;}
-div.rbtoc1415209606058 li {margin-left: 0px;padding-left: 0px;}
+div.rbtoc1418147187626 {padding: 0px;}
+div.rbtoc1418147187626 ul {list-style: disc;margin-left: 0px;}
+div.rbtoc1418147187626 li {margin-left: 0px;padding-left: 0px;}
 
-/*]]>*/</style></p><div class="toc-macro rbtoc1415209606058">
+/*]]>*/</style></p><div class="toc-macro rbtoc1418147187626">
 <ul class="toc-indentation"><li><a shape="rect" 
href="#TLSConfiguration-TLSParameterscommontobothClientsandServers">TLS 
Parameters common to both Clients and Servers</a>
 <ul class="toc-indentation"><li><a shape="rect" 
href="#TLSConfiguration-KeyManagers">Key Managers</a></li><li><a shape="rect" 
href="#TLSConfiguration-TrustManagers">Trust Managers</a></li><li><a 
shape="rect" href="#TLSConfiguration-CipherSuitesFilter">CipherSuites 
Filter</a></li><li><a shape="rect" 
href="#TLSConfiguration-CertConstraints">Cert Constraints</a></li></ul>
 </li><li><a shape="rect" href="#TLSConfiguration-ClientTLSParameters">Client 
TLS Parameters</a>
@@ -175,7 +175,7 @@ div.rbtoc1415209606058 li {margin-left:
         ...
     &lt;/httpj:tlsServerParameters&gt;
 ]]></script>
-</div></div><h1 id="TLSConfiguration-ClientTLSParameters">Client TLS 
Parameters</h1><p>In addition to the TLS Parameters common to both Clients and 
Servers, there are some parameters that are <a shape="rect" 
class="external-link" 
href="https://svn.apache.org/repos/asf/cxf/trunk/core/src/main/java/org/apache/cxf/configuration/jsse/TLSClientParameters.java";>specific</a>
 to Clients:</p><div class="table-wrap"><table 
class="confluenceTable"><tbody><tr><th colspan="1" rowspan="1" 
class="confluenceTh"><p>Attribute</p></th><th colspan="1" rowspan="1" 
class="confluenceTh"><p>Default</p></th><th colspan="1" rowspan="1" 
class="confluenceTh"><p>Description</p></th></tr><tr><td colspan="1" 
rowspan="1" class="confluenceTd"><p><code>disableCNCheck</code></p></td><td 
colspan="1" rowspan="1" class="confluenceTd"><p><code>false</code></p></td><td 
colspan="1" rowspan="1" class="confluenceTd"><p>Indicates whether that the 
hostname given in the HTTPS URL will be checked against the service's Common Nam
 e (CN) given in its certificate during requests, and failing if there is a 
mismatch. If set to <code>true</code> (<strong>not recommended for production 
use</strong>), such checks will be bypassed. That will allow you, for example, 
to use a URL such as <code>localhost</code> during 
development.</p></td></tr><tr><td colspan="1" rowspan="1" 
class="confluenceTd"><p><code>sslSocketFactory</code></p></td><td colspan="1" 
rowspan="1" class="confluenceTd"><p>&#160;</p></td><td colspan="1" rowspan="1" 
class="confluenceTd"><p>A SSLSocketFactory to use. All other bean properties 
are ignored if this is set.</p></td></tr><tr><td colspan="1" rowspan="1" 
class="confluenceTd"><p><code>sslCacheTimeout</code></p></td><td colspan="1" 
rowspan="1" class="confluenceTd"><p>86400 seconds (24 hours)</p></td><td 
colspan="1" rowspan="1" class="confluenceTd"><p>SSL Cache Timeout in 
seconds.</p></td></tr><tr><td colspan="1" rowspan="1" 
class="confluenceTd"><p><code>useHttpsURLConnectionDefaultSslSocketFactory</
 code></p></td><td colspan="1" rowspan="1" 
class="confluenceTd"><p><code>false</code></p></td><td colspan="1" rowspan="1" 
class="confluenceTd"><p>This attribute specifies if <a shape="rect" 
class="external-link" 
href="http://java.sun.com/javase/6/docs/api/javax/net/ssl/HttpsURLConnection.html#getDefaultSSLSocketFactory()"
 rel="nofollow">HttpsURLConnection.getDefaultSSLSocketFactory()</a> should be 
used to create https connections. If '<code>true</code>', 
'<code>jsseProvider</code>', '<code>secureSocketProtocol</code>', 
'<code>trustManagers</code>', '<code>keyManagers</code>', 
'<code>secureRandom</code>', '<code>cipherSuites</code>' and 
'<code>cipherSuitesFilter</code>' configuration parameters are 
ignored.</p></td></tr><tr><td colspan="1" rowspan="1" 
class="confluenceTd"><p><code>useHttpsURLConnectionDefaultHostnameVerifier</code></p></td><td
 colspan="1" rowspan="1" class="confluenceTd"><p><code>false</code></p></td><td 
colspan="1" rowspan="1" class="confluenceTd"><p>This attribute s
 pecifies if <a shape="rect" class="external-link" 
href="http://java.sun.com/javase/6/docs/api/javax/net/ssl/HttpsURLConnection.html#getDefaultHostnameVerifier()"
 rel="nofollow">HttpsURLConnection.getDefaultHostnameVerifier()</a> should be 
used to create https connections. If '<code>true</code>', 
'<code>disableCNCheck</code>' configuration parameter is 
ignored.</p></td></tr></tbody></table></div><h2 
id="TLSConfiguration-DisableCNCheck">Disable CN 
Check</h2><p><code>disableCNCheck</code> is a parameterized boolean, you can 
use a fixed variable <code>true</code>|<code>false</code> as well as a <a 
shape="rect" class="external-link" 
href="http://static.springsource.org/spring/docs/3.0.x/spring-framework-reference/html/beans.html#beans-factory-placeholderconfigurer";
 rel="nofollow">Spring externalized property</a> variable (e.g. 
<code>${disable-https-hostname-verification</code>}) or a <a shape="rect" 
class="external-link" 
href="http://static.springsource.org/spring/docs/3.0.x/spring-frame
 work-reference/html/expressions.html#expressions-beandef" 
rel="nofollow">Spring expression</a> (e.g. 
<code>#{systemProperties['dev-mode']</code>}).</p><div class="code panel pdl" 
style="border-width: 1px;"><div class="codeHeader panelHeader pdl" 
style="border-bottom-width: 1px;"><b>HTTP conduit configuration disabling HTTP 
URL hostname verification (usage of localhost, etc)</b></div><div 
class="codeContent panelContent pdl">
+</div></div><h1 id="TLSConfiguration-ClientTLSParameters">Client TLS 
Parameters</h1><p>In addition to the TLS Parameters common to both Clients and 
Servers, there are some parameters that are <a shape="rect" 
class="external-link" 
href="https://svn.apache.org/repos/asf/cxf/trunk/core/src/main/java/org/apache/cxf/configuration/jsse/TLSClientParameters.java";>specific</a>
 to Clients:</p><div class="table-wrap"><table 
class="confluenceTable"><tbody><tr><th colspan="1" rowspan="1" 
class="confluenceTh"><p>Attribute</p></th><th colspan="1" rowspan="1" 
class="confluenceTh"><p>Default</p></th><th colspan="1" rowspan="1" 
class="confluenceTh"><p>Description</p></th></tr><tr><td colspan="1" 
rowspan="1" class="confluenceTd"><p><code>disableCNCheck</code></p></td><td 
colspan="1" rowspan="1" class="confluenceTd"><p><code>false</code></p></td><td 
colspan="1" rowspan="1" class="confluenceTd"><p>Indicates whether that the 
hostname given in the HTTPS URL will be checked against the service's Common Nam
 e (CN) given in its certificate during requests, and failing if there is a 
mismatch. If set to <code>true</code> (<strong>not recommended for production 
use</strong>), such checks will be bypassed. That will allow you, for example, 
to use a URL such as <code>localhost</code> during 
development.</p></td></tr><tr><td colspan="1" rowspan="1" 
class="confluenceTd"><p><code>sslSocketFactory</code></p></td><td colspan="1" 
rowspan="1" class="confluenceTd"><p>&#160;</p></td><td colspan="1" rowspan="1" 
class="confluenceTd"><p>A SSLSocketFactory to use. All other bean properties 
are ignored if this is set.</p></td></tr><tr><td colspan="1" rowspan="1" 
class="confluenceTd"><p><code>sslCacheTimeout</code></p></td><td colspan="1" 
rowspan="1" class="confluenceTd"><p>86400 seconds (24 hours)</p></td><td 
colspan="1" rowspan="1" class="confluenceTd"><p>SSL Cache Timeout in 
seconds.</p></td></tr><tr><td colspan="1" rowspan="1" 
class="confluenceTd"><p><code>useHttpsURLConnectionDefaultSslSocketFactory</
 code></p></td><td colspan="1" rowspan="1" 
class="confluenceTd"><p><code>false</code></p></td><td colspan="1" rowspan="1" 
class="confluenceTd"><p>This attribute specifies if <a shape="rect" 
class="external-link" 
href="http://java.sun.com/javase/6/docs/api/javax/net/ssl/HttpsURLConnection.html#getDefaultSSLSocketFactory()"
 rel="nofollow">HttpsURLConnection.getDefaultSSLSocketFactory()</a> should be 
used to create https connections. If '<code>true</code>', 
'<code>jsseProvider</code>', '<code>secureSocketProtocol</code>', 
'<code>trustManagers</code>', '<code>keyManagers</code>', 
'<code>secureRandom</code>', '<code>cipherSuites</code>' and 
'<code>cipherSuitesFilter</code>' configuration parameters are 
ignored.</p></td></tr><tr><td colspan="1" rowspan="1" 
class="confluenceTd"><p><code>useHttpsURLConnectionDefaultHostnameVerifier</code></p></td><td
 colspan="1" rowspan="1" class="confluenceTd"><p><code>false</code></p></td><td 
colspan="1" rowspan="1" class="confluenceTd"><p>This attribute s
 pecifies if <a shape="rect" class="external-link" 
href="http://java.sun.com/javase/6/docs/api/javax/net/ssl/HttpsURLConnection.html#getDefaultHostnameVerifier()"
 rel="nofollow">HttpsURLConnection.getDefaultHostnameVerifier()</a> should be 
used to create https connections. If '<code>true</code>', 
'<code>disableCNCheck</code>' configuration parameter is 
ignored.</p></td></tr><tr><td colspan="1" rowspan="1" 
class="confluenceTd">hostnameVerifier</td><td colspan="1" rowspan="1" 
class="confluenceTd">&#160;</td><td colspan="1" rowspan="1" 
class="confluenceTd">A custom HostnameVerifier instance to 
use</td></tr></tbody></table></div><h2 
id="TLSConfiguration-DisableCNCheck">Disable CN 
Check</h2><p><code>disableCNCheck</code> is a parameterized boolean, you can 
use a fixed variable <code>true</code>|<code>false</code> as well as a <a 
shape="rect" class="external-link" 
href="http://static.springsource.org/spring/docs/3.0.x/spring-framework-reference/html/beans.html#beans-factory-placeholderconf
 igurer" rel="nofollow">Spring externalized property</a> variable (e.g. 
<code>${disable-https-hostname-verification</code>}) or a <a shape="rect" 
class="external-link" 
href="http://static.springsource.org/spring/docs/3.0.x/spring-framework-reference/html/expressions.html#expressions-beandef";
 rel="nofollow">Spring expression</a> (e.g. 
<code>#{systemProperties['dev-mode']</code>}).</p><div class="code panel pdl" 
style="border-width: 1px;"><div class="codeHeader panelHeader pdl" 
style="border-bottom-width: 1px;"><b>HTTP conduit configuration disabling HTTP 
URL hostname verification (usage of localhost, etc)</b></div><div 
class="codeContent panelContent pdl">
 <script class="theme: Default; brush: xml; gutter: false" 
type="syntaxhighlighter"><![CDATA[   &lt;!-- deactivate HTTPS url hostname 
verification (localhost, etc)    --&gt;
    &lt;!-- WARNING ! disableCNcheck=true should NOT be used in production 
--&gt;
    &lt;http-conf:tlsClientParameters disableCNCheck=&quot;true&quot; /&gt;

svn commit: r932006 - in /websites/production/cxf/content: cache/docs.pageCache docs/tls-configuration.html

Reply via email to