Hi Colm,
Thank you very much for your response. I am not sure what you meant by
"complete service configuration" so I copied the entire <engine>
configuration here. Please let me know if it is something else you would
like to see.
<httpj:engine-factory bus="cxf">
<httpj:engine port="${my.listener.port}">
<httpj:tlsServerParameters>
<sec:keyManagers
keyPassword="${my.sslserver.keyalias.password}">
<sec:keyStore
type="${my.sslserver.keystore.type}"
password="${my.sslserver.keystore.password}"
resource="${my.sslserver.keystore}" />
</sec:keyManagers>
<sec:trustManagers>
<sec:keyStore
type="${my.sslserver.keystore.type}"
password="${my.sslserver.keystore.password}"
resource="${my.sslserver.keystore}" />
</sec:trustManagers>
<sec:cipherSuitesFilter>
<sec:include>.*_EXPORT_.*</sec:include>
<sec:include>.*_EXPORT1024_.*</sec:include>
<sec:include>.*_WITH_3DES_.*</sec:include>
<sec:include>.*_WITH_AES_.*</sec:include>
<sec:include>.*_WITH_NULL_.*</sec:include>
<sec:exclude>.*_DH_anon_.*</sec:exclude>
</sec:cipherSuitesFilter>
<sec:clientAuthentication want="false"
required="false" />
</httpj:tlsServerParameters>
</httpj:engine>
</httpj:engine-factory>
As for the client, it is a remote client owned by others so I cannot add
Java options for the client to debug it. But here is some additional info
that may help:
1. If I switch my application to run with CXF 3.0.2, everything would work.
(That might be because the client could downgrade to SSLv3.)
2. The client can communicate with an IIS server that has SSLv3 disabled
and TLS 1.0 enabled.
Thanks again.
--
View this message in context:
http://cxf.547215.n5.nabble.com/CXF-3-0-4-server-cannot-receive-message-from-TLS1-0-client-tp5756863p5756962.html
Sent from the cxf-user mailing list archive at Nabble.com.
