Hi, most likely this is not the problem since I have the same setup where this is working. But assuming this could be the cause of the problem: Where would I find the code that checks for TLS and provides this information for the policy evaluation?
-----Original Message-----
From: Alexey Markevich <[email protected]>
Sent: Thursday, 6 April 2023 10:42
To: [email protected]
Subject: Re: WSDL Algorithm Suite Policy Assertions

Hi,

Is Java updated? There were some changes in TLS[1]:
JDK-8202343: Disable TLS 1.0 and 1.1

1. https://mail.openjdk.org/pipermail/jdk8u-dev/2021-April/013680.html

On 4/6/23, Kessler, Joerg <[email protected]> wrote:
> Thank you for your answers. That is what I did. I enabled all loggers for
> CXF and WSS4J and I think Neethi. But I was not able to see something like
> the algorithm suite determined is .... or the layout that is different from
> strict. The only error I see is a stack trace that just lists all algorithm
> policies and the layout policy of the transport binding. Maybe the logs show
> something if WS signature or WS encryption is used. In my case only https is
> used. So I wonder how this is determined for https.
>
> Jörg
>
> -----Original Message-----
> From: Mark Presling <[email protected]>
> Sent: Thursday, 6 April 2023 02:41
> To: [email protected]
> Subject: Re: WSDL Algorithm Suite Policy Assertions
>
> I'd also enable DEBUG logging for org.apache.wss4j. That's how I find out
> what failed when I'm debugging Signature/Encryption algorithm issues.
>
> On Thu, 6 Apr 2023 at 03:32, Colm O hEigeartaigh <[email protected]>
> wrote:
>
>> I think the best way is to enable debug logging on the CXF side, the
>> root cause should be logged there.
>>
>> Colm.
>>
>> On Wed, Apr 5, 2023 at 7:57 AM Kessler, Joerg
>> <[email protected]> wrote:
>> >
>> > Hi,
>> > A sender system sends SOAP messages to a CXF endpoint. The endpoint is
>> > configured using a WSDL that has a transport binding policy including
>> > algorithm suite. Since a few days the error
>> > These policy alternatives can not be satisfied:
>> > {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}AlgorithmSuite
>> > {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}Basic256 ….
>> > is returned. The authentication is client certificate. So my assumption
>> > is that the algorithms for https have changed. The error above does not
>> > return what value was checked. I did some code analysis but I am not able
>> > to find the code where the algorithm is determined that is asserted. I was
>> > also not able to log it. How can I analyze this problem?
>> >
>> > Best Regards,
>> >
>> > Jörg
>> >
