Jason Pell wrote > See this is where I don't see nonce as useful if connection is protected. > TLS should be immune to replay attacks.
Yes you are right - but I was attempting to use username password with message protection i.e. signed and encrypted. (that's in my original message but very easy to miss!) -- View this message in context: http://cxf.547215.n5.nabble.com/CXF-client-send-nonce-and-timestamp-tp5749743p5749865.html Sent from the cxf-user mailing list archive at Nabble.com.
