So you don't see a 'ServerHello' in the log? This means the Client Request
is not seen/received by the server.

You may have to do a network trace and look at the TCP connection(s)
themselves.


-Bernhard

On Sat, Feb 4, 2012 at 1:37 AM, JKemp <[email protected]> wrote:

> Hey guys,
>
> I've been having some issues with my SSL connections.  We're using SSL with
> basic auth and using a client side certificate.  Originally when I start my
> system, everything authenticates and connects correctly, but once I exceed
> the 15 second timeout between calls on my connection, the connection is
> closed and any subsequent connection I try to make results in a
> handshake_failure.
>
> I don't have much experience with this technology, but I thought it might be
> that the HTTP client session caching was causing the problem.  So I updated
> my conduit configuration and set CacheControl="no-cache", but even after
> doing that, it looks like the client session is still being stored and
> reused.  I also tried CacheControl="no-store", but that didn't have any
> effect either.  Am I not understanding the nature of these parameters?
>
>        <http:conduit
>                name="{http://www.client.com/service/}foo.http-conduit">
>                <http:tlsClientParameters
>                        secureSocketProtocol="SSL">
>                        <sec:keyManagers keyPassword="password">
>                                <sec:keyStore type="JKS" password="password"
>                                        file="__TRUST_STORE_LOCATION__" />
>                        </sec:keyManagers>
>
>                </http:tlsClientParameters>
>
>                <http:authorization>
>                        <sec:UserName>UserName</sec:UserName>
>                        <sec:Password>password</sec:Password>
>                </http:authorization>
>                <http:client AutoRedirect="true" Connection="Keep-Alive"
>                        CacheControl="no-cache"/>
>        </http:conduit>
>
> And here's my endpoint configuration:
>
>        <cxf:cxfEndpoint id="notificationService"
>                address="__NOTIFICATION_URL__"
>                serviceName="an:notificationService_V0101"
>                endpointName="an:notification"
>                serviceClass="com.client.notification.NotificationPortType"
>                wsdlURL="etc/Notification/Notification.wsdl"
>                xmlns:an="http://www.client.com/service/">
>        </cxf:cxfEndpoint>
>
> From the logs:
>
>   Allow unsafe renegotiation: false
>   Allow legacy hello messages: true
>   Is initial handshake: true
>   Is secure renegotiation: false
>   qtp496418976-17 - /Result, setSoTimeout(60000) called
>   %% Client cached [Session-1, SSL_RSA_WITH_RC4_128_MD5]
>   %% Try resuming [Session-1, SSL_RSA_WITH_RC4_128_MD5] from port 39817
>   *** ClientHello, SSLv3
>
> This system is using CXF inside of Camel.
>
> CXF Version: 2.4.2
> Camel Version: 2.8.3
>
> Any help would be appreciated.
>
> Thanks!
>
> --
> View this message in context:
> http://cxf.547215.n5.nabble.com/Question-on-SSL-caching-tp5455499p5455499.html
> Sent from the cxf-user mailing list archive at Nabble.com.
>



-- 
IT-Consulting Bernhard Thalmayr
- Painstaking Minds -
83620 Vagen (Munich area)
Germany
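
Added example, not part of the original thread: a small Python script that walks JSSE debug output of the kind quoted above and reports, for each ClientHello, whether a session resumption was attempted and whether a ServerHello followed. The sample log is constructed; its ServerHello and ALERT lines are assumed formats that do not appear in the poster's excerpt.

```python
import re

# Constructed sample in the style of the quoted debug output (not the poster's log).
SAMPLE_LOG = """\
  *** ClientHello, SSLv3
  *** ServerHello, SSLv3
  *** ServerHelloDone
  %% Client cached [Session-1, SSL_RSA_WITH_RC4_128_MD5]
  %% Try resuming [Session-1, SSL_RSA_WITH_RC4_128_MD5] from port 39817
  *** ClientHello, SSLv3
  main, RECV SSLv3 ALERT:  fatal, handshake_failure
"""

RESUME = re.compile(r"^%% Try resuming \[(Session-\d+), (\w+)\]")
CLIENT_HELLO = re.compile(r"^\*\*\* ClientHello, (\S+)")
SERVER_HELLO = re.compile(r"^\*\*\* ServerHello, (\S+)")  # comma excludes ServerHelloDone
ALERT = re.compile(r"ALERT:\s+fatal, (\w+)")              # assumed alert line format


def analyze_handshakes(log_text):
    """Return one record per ClientHello found in the debug log."""
    attempts, pending_resume = [], None
    for raw in log_text.splitlines():
        line = raw.strip()
        m = RESUME.match(line)
        if m:  # applies to the next ClientHello
            pending_resume = (m.group(1), m.group(2))
            continue
        m = CLIENT_HELLO.match(line)
        if m:
            attempts.append({"protocol": m.group(1), "resumed": pending_resume,
                             "server_hello": False, "alert": None})
            pending_resume = None
            continue
        if not attempts:
            continue
        if SERVER_HELLO.match(line):
            attempts[-1]["server_hello"] = True
            continue
        m = ALERT.search(line)
        if m:
            attempts[-1]["alert"] = m.group(1)
    return attempts


def unanswered(attempts):
    """ClientHellos with no ServerHello logged: candidates for a network trace."""
    return [a for a in attempts if not a["server_hello"]]


if __name__ == "__main__":
    for i, a in enumerate(analyze_handshakes(SAMPLE_LOG), 1):
        print(i, a)
```
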
