Hey guys, I've been having some issues with my SSL connections. We're using SSL with basic auth and using a client side certificate. Originally when I start my system, everything authenticates and connects correctly, but once I exceed the 15 second timeout between calls on my connection, the connection is closed and any subsequent connection I try to make results in a handshake_failure.
I don't have much experience with this technology, but I thought it might be that the HTTP client session caching was causing the problem. So I updated my conduit configuration and set CacheControl="no-cache", but even after doing that, it looks like the client session is still being stored and reused. I also tried CacheControl="no-store", but that didn't have any effect either. Am I not understanding the nature of these parameters?

<http:conduit name="{http://www.client.com/service/}foo.http-conduit">
    <http:tlsClientParameters secureSocketProtocol="SSL">
        <sec:keyManagers keyPassword="password">
            <sec:keyStore type="JKS" password="password" file="__TRUST_STORE_LOCATION__" />
        </sec:keyManagers>
    </http:tlsClientParameters>
    <http:authorization>
        <sec:UserName>UserName</sec:UserName>
        <sec:Password>password</sec:Password>
    </http:authorization>
    <http:client AutoRedirect="true" Connection="Keep-Alive" CacheControl="no-cache"/>
</http:conduit>

And here's my endpoint configuration:

<cxf:cxfEndpoint id="notificationService"
    address="__NOTIFICATION_URL__"
    serviceName="an:notificationService_V0101"
    endpointName="an:notification"
    serviceClass="com.client.notification.NotificationPortType"
    wsdlURL="etc/Notification/Notification.wsdl"
    xmlns:an="http://www.client.com/service/">
</cxf:cxfEndpoint>

From the logs:

Allow unsafe renegotiation: false
Allow legacy hello messages: true
Is initial handshake: true
Is secure renegotiation: false
qtp496418976-17 - /Result, setSoTimeout(60000) called
%% Client cached [Session-1, SSL_RSA_WITH_RC4_128_MD5]
%% Try resuming [Session-1, SSL_RSA_WITH_RC4_128_MD5] from port 39817
*** ClientHello, SSLv3

This system is using CXF inside of Camel.

CXF Version: 2.4.2
Camel Version: 2.8.3

Any help would be appreciated. Thanks!

--
View this message in context: http://cxf.547215.n5.nabble.com/Question-on-SSL-caching-tp5455499p5455499.html
Sent from the cxf-user mailing list archive at Nabble.com.