The 'no-cache' Cache-Control setting receides on 'HTTP'-protocol layer not on 'SSL'-protocol layer.
I don't now CXF code in detail, but it seems that the SSL-transport can not be configured in the way you need it. However as with 'browser' connections a full handshake has to be made if no 'HTTP-keep-alive' is used. You may try setting connection="close" in the http configuration and make another network trace ... it should look different. If CXF does not reuse the underlying TCP/HTTP connection it's always better to close the connection to save the servers's keep-alive system from starvation. -Bernhard On Sat, Feb 4, 2012 at 11:06 PM, JKemp <[email protected]> wrote: > > Bernhard Thalmayr wrote > > > > So you don't see a 'ServerHello' in the log? This means the Client > Request > > is not seen/received by the server. > > > > You may have to do a network trace and look at the TCP connection(s) > > themselves. > > > > I got some packet captures from the networking team that hosts the service, > but I'm not all that familiar with how to ready the finer details. It > looks > like they're kicking back the handshake failure after they receive our > Client Hello, but I'm not sure why that's the case, since our original > connection succeeds: > > > 2844 101259.108606 x.x.67.14 x.x.31.5 SSLv3 300 > Client Hello > > 2846 101259.190816 x.x.31.5 x.x.67.14 SSLv3 73 > Alert (Level: Fatal, Description: Handshake Failure) > > I thought it might be an issue with reusing the cached SSL session (just a > wild guess on my part) so I thought if I could disable the reuse of the > session it would start from scratch and work like the original connection. > But like I said, the CacheControl settings didn't seem to do anything > (although, again, I was just guessing that the "no-cache" setting would > have > the desired effect of ignoring the cached SSL session. Is that a valid > assumption that that's what the no-cache setting is supposed to do?) > > Thanks in advance for any help with this. > > -- > View this message in context: > http://cxf.547215.n5.nabble.com/Question-on-SSL-caching-tp5455499p5457036.html > Sent from the cxf-user mailing list archive at Nabble.com. > -- IT-Consulting Bernhard Thalmayr - Painstaking Minds - 83620 Vagen (Munich area) Germany
