CXF 2.2.4 client trying to access an Axis2 soap web service over SSL

I can't get my CXF client to get past the SSL handshake, but the sample
Axis2 client from the web service developer works fine. Here's my config:

   <http:conduit name="*.http-conduit">
      <!-- disableCNCheck="true" turns off host name verification of the server certificate -->
      <http:tlsClientParameters secureSocketProtocol="SSL" disableCNCheck="true">
         <!-- Key store holding the client certificate and private key -->
         <sec:keyManagers>
            <sec:keyStore type="PKCS12" password="testing"
                          file="C:\projects\hit-ws\Epp\test.eyeappts.com.p12"/>
         </sec:keyManagers>
         <!-- Trust store used to validate the server certificate -->
         <sec:trustManagers>
            <sec:keyStore type="JKS" password="trustword"
                          file="C:\projects\hit-ws\Epp\truststore"/>
         </sec:trustManagers>
         <!-- Regular expressions matched against JSSE cipher suite names -->
         <sec:cipherSuitesFilter>
            <sec:include>.*_WITH_3DES_.*</sec:include>
            <sec:include>.*_EXPORT_.*</sec:include>
            <sec:include>.*_EXPORT1024_.*</sec:include>
            <sec:include>.*_WITH_DES_.*</sec:include>
            <sec:include>SSL_RSA_WITH_RC4_128_MD5</sec:include>
            <sec:include>SSL_RSA_WITH_RC4_128_SHA</sec:include>
            <sec:exclude>.*_WITH_NULL_.*</sec:exclude>
            <sec:exclude>.*_DH_anon_.*</sec:exclude>
         </sec:cipherSuitesFilter>
      </http:tlsClientParameters>
   </http:conduit>

I'm logging/tracing the SSL for both the successful Axis2 client and
unsuccessful CXF client and I see the ServerHelloDone message on both. Then,
on the Axis2 client, I see a "Certificate chain" message with a single entry
right before the ClientKeyExchange. On the CXF client, I see the
"Certificate chain" header, but no entry. 

Then, for the ClientKeyExchange, the Axis2 client sends 2 - 926 byte
messages, whereas the CXF client sends 2 - 141 byte messages. The Axis2
client finishes the SSL handshake successfully and moves on to the
application data. The CXF client has a failed handshake and then restarts
the ClientHello phase again. 

I'm stuck. Any help is appreciated. I can send complete SSL outputs for both
if that would help.
-- 
View this message in context: 
http://old.nabble.com/CXF-client-SSL-pain-tp27551100p27551100.html
Sent from the cxf-user mailing list archive at Nabble.com.
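
An added diagnostic example, not part of the original post and not CXF code: an empty client "Certificate chain" after ServerHelloDone means the JSSE key manager offered no certificate, so one thing to check is whether the PKCS12 file configured under sec:keyManagers holds a private-key entry with a certificate chain. The class name and the two command-line arguments are assumptions of this example; run without arguments it uses a constructed empty in-memory key store to show the negative result.

```java
import java.io.*;
import java.security.KeyStore;
import java.security.cert.*;
import java.util.*;

// Added example, not from the post or CXF; class name and arguments are assumptions.
public class ClientKeyStoreCheck {

    /** Describes every entry that JSSE could offer as a client certificate. */
    static List<String> usableClientEntries(KeyStore ks) throws Exception {
        List<String> usable = new ArrayList<>();
        for (String alias : Collections.list(ks.aliases())) {
            // Only a private-key entry with a certificate chain can answer a
            // CertificateRequest; certificate-only entries are never sent.
            Certificate[] chain = ks.isKeyEntry(alias) ? ks.getCertificateChain(alias) : null;
            if (chain == null || chain.length == 0) {
                System.out.println(alias + ": no private key with a certificate chain, never offered");
                continue;
            }
            X509Certificate leaf = (X509Certificate) chain[0];
            // Compare these with the trace: when the server's CertificateRequest names
            // CAs and certificate types, the issuer and key algorithm must match them.
            usable.add(alias + " keyAlg=" + leaf.getPublicKey().getAlgorithm()
                    + " chainLen=" + chain.length
                    + " issuer=" + leaf.getIssuerX500Principal().getName());
        }
        return usable;
    }

    public static void main(String[] args) throws Exception {
        KeyStore ks = KeyStore.getInstance("PKCS12");
        if (args.length == 2) {
            // args[0] = path to the .p12 file, args[1] = its password
            try (InputStream in = new FileInputStream(args[0])) {
                ks.load(in, args[1].toCharArray());
            }
        } else {
            ks.load(null, null); // constructed sample: an empty in-memory key store
        }
        List<String> usable = usableClientEntries(ks);
        usable.forEach(System.out::println);
        if (usable.isEmpty()) {
            System.out.println("No usable key entry: the client would send an empty Certificate message");
        }
    }
}
```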
