CXF 2.2.4 client trying to access an Axis2 soap web service over SSL
I can't get my CXF client to get past the SSL handshake, but the sample
Axis2 client from the web service developer works fine. Here's my config:
<http:conduit name="*.http-conduit">
  <http:tlsClientParameters secureSocketProtocol="SSL"
                            disableCNCheck="true">
    <!-- Client identity: the key and certificate offered to the server -->
    <sec:keyManagers>
      <sec:keyStore type="PKCS12" password="testing"
                    file="C:\projects\hit-ws\Epp\test.eyeappts.com.p12"/>
    </sec:keyManagers>
    <!-- Certificates the client trusts when validating the server -->
    <sec:trustManagers>
      <sec:keyStore type="JKS" password="trustword"
                    file="C:\projects\hit-ws\Epp\truststore"/>
    </sec:trustManagers>
    <!-- Each include/exclude is a regular expression over cipher suite names -->
    <sec:cipherSuitesFilter>
      <sec:include>.*_WITH_3DES_.*</sec:include>
      <sec:include>.*_EXPORT_.*</sec:include>
      <sec:include>.*_EXPORT1024_.*</sec:include>
      <sec:include>.*_WITH_DES_.*</sec:include>
      <sec:include>SSL_RSA_WITH_RC4_128_MD5</sec:include>
      <sec:include>SSL_RSA_WITH_RC4_128_SHA</sec:include>
      <sec:exclude>.*_WITH_NULL_.*</sec:exclude>
      <sec:exclude>.*_DH_anon_.*</sec:exclude>
    </sec:cipherSuitesFilter>
  </http:tlsClientParameters>
</http:conduit>
I'm logging/tracing the SSL for both the successful Axis2 client and
unsuccessful CXF client and I see the ServerHelloDone message on both. Then,
on the Axis2 client, I see a "Certificate chain" message with a single entry
right before the ClientKeyExchange. On the CXF client, I see the
"Certificate chain" header, but no entry.
Then, for the ClientKeyExchange, the Axis2 client sends 2 - 926 byte
messages, whereas the CXF client sends 2 - 141 byte messages. The Axis2
client finishes the SSL handshake successfully and moves on to the
application data. The CXF client has a failed handshake and then restarts
the ClientHello phase again.
I'm stuck. Any help is appreciated. I can send complete SSL outputs for both
if that would help.
--
View this message in context:
http://old.nabble.com/CXF-client-SSL-pain-tp27551100p27551100.html
Sent from the cxf-user mailing list archive at Nabble.com.
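
The difference described in the post, as an added example that is not part of the original message: a Python check that reads a JSSE-style handshake trace and counts the entries in the client's "Certificate chain" message, which is the one logged between ServerHelloDone and ClientKeyExchange. The trace text is constructed; the CertificateRequest line and the "chain [N] = [" entry marker are assumptions about the trace layout, not quoted from the post.

```python
import re

# Constructed traces modelled on the messages named in the post. The
# "chain [N] = [" marker and the CertificateRequest line are assumed layout.
SERVER_FLIGHT = """\
*** Certificate chain
chain [0] = [
  Subject: CN=server.example.test
]
***
*** CertificateRequest
*** ServerHelloDone
"""
CLIENT_KEX = "*** ClientKeyExchange, RSA PreMasterSecret, TLSv1\n"
WORKING_TRACE = (SERVER_FLIGHT + "*** Certificate chain\nchain [0] = [\n"
                 "  Subject: CN=client.example.test\n]\n***\n" + CLIENT_KEX)
FAILING_TRACE = SERVER_FLIGHT + "*** Certificate chain\n***\n" + CLIENT_KEX


def client_chain_summary(trace):
    """Summarise the client's Certificate message, i.e. the chain logged
    after ServerHelloDone and before ClientKeyExchange."""
    cert_requested = False
    after_done = False
    in_client_chain = False
    entries = None  # None means the client logged no Certificate message
    for line in trace.splitlines():
        line = line.strip()
        if line.startswith("*** CertificateRequest"):
            cert_requested = True
        elif line.startswith("*** ServerHelloDone"):
            after_done = True
        elif line.startswith("*** ClientKeyExchange"):
            break
        elif after_done and line.startswith("*** Certificate chain"):
            # The server's own chain appears before ServerHelloDone and is skipped
            in_client_chain, entries = True, 0
        elif in_client_chain and re.match(r"chain \[\d+\] = \[", line):
            entries += 1
        elif in_client_chain and line == "***":
            in_client_chain = False
    return {"cert_requested": cert_requested, "client_chain_entries": entries,
            "empty_client_chain": cert_requested and entries == 0}
```

An empty client chain after a certificate request means the client presented no certificate to the server, so the next thing to inspect is what the configured key store offers the key manager.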