Any chance you could package together a small test case. (maybe a modified version of one of the samples?) I've seen a couple people report that the "*.http-conduit" method of config isn't working, but I haven't been able to reproduce it. If I could get a testcase that shows that it's not working, I could debug it a bit to see what is going on.
Thanks! Dan On Sun May 10 2009 12:49:42 pm Marc Logemann wrote: > Hi, > > on testing the my client with HTTPS i am getting this in the console > many times: > > 10.05.2009 18:42:20 org.apache.cxf.transport.https.SSLUtils > getCiphersuites > INFO: The cipher suites have not been configured, falling back to > cipher suite filters. > 10.05.2009 18:42:20 org.apache.cxf.transport.https.SSLUtils > getCiphersuites > INFO: The cipher suite filters have not been configured, falling back > to default filters. > 10.05.2009 18:42:20 org.apache.cxf.transport.https.SSLUtils > getCiphersFromList > INFO: The cipher suites have been set to SSL_RSA_WITH_RC4_128_MD5, > SSL_RSA_WITH_RC4_128_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, > TLS_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, > TLS_DHE_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, > TLS_DHE_DSS_WITH_AES_256_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, > SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, > SSL_RSA_WITH_DES_CBC_SHA, SSL_DHE_RSA_WITH_DES_CBC_SHA, > SSL_DHE_DSS_WITH_DES_CBC_SHA, SSL_RSA_EXPORT_WITH_RC4_40_MD5, > SSL_RSA_EXPORT_WITH_DES40_CBC_SHA, > SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA, > SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA, TLS_KRB5_WITH_RC4_128_SHA, > TLS_KRB5_WITH_RC4_128_MD5, TLS_KRB5_WITH_3DES_EDE_CBC_SHA, > TLS_KRB5_WITH_3DES_EDE_CBC_MD5, TLS_KRB5_WITH_DES_CBC_SHA, > TLS_KRB5_WITH_DES_CBC_MD5, TLS_KRB5_EXPORT_WITH_RC4_40_SHA, > TLS_KRB5_EXPORT_WITH_RC4_40_MD5, TLS_KRB5_EXPORT_WITH_DES_CBC_40_SHA, > TLS_KRB5_EXPORT_WITH_DES_CBC_40_MD5. > > This problem is also described in this "old" thread: > http://markmail.org/thread/kkcp6lbx26al2fo6 > > Of course i also tried the > > <http:conduit name="*.http-conduit"> > <http:tlsClientParameters secureSocketProtocol="SSL"> > <sec:cipherSuitesFilter> <!-- these filters ensure that > a ciphersuite with export-suitable or null encryption is used, but > exclude anonymous Diffie-Hellman key change as this is vulnerable to > man-in-the-middle attacks --> > <sec:include>.*_EXPORT_.*</sec:include> > <sec:include>.*_EXPORT1024_.*</sec:include> > <sec:include>.*_WITH_DES_.*</sec:include> > <sec:include>.*_WITH_NULL_.*</sec:include> > <sec:exclude>.*_DH_anon_.*</sec:exclude> > </sec:cipherSuitesFilter> > </http:tlsClientParameters> > </http:conduit> > > config without luck. But my cxf.xml gets read in my Test client (the > generated client of WSDL2Java). > > In general the client call works with the JAX-WS-style supplied > username and password but i really dont like the logging and i wonder > if its too slow then as mentioned in the thread above. > > Thx for info on this. > > --- > regards > Marc Logemann > http://www.logemann.org > http://www.logentis.de -- Daniel Kulp [email protected] http://www.dankulp.com/blog
