Hey guys,

I've been having some issues with my SSL connections.  We're using SSL with
basic auth and using a client side certificate.  Originally when I start my
system, everything authenticates and connects correctly, but once I exceed
the 15 second timeout between calls on my connection, the connection is
closed and any subsequent connection I try to make results in a
handshake_failure.

I don't have much experience with this technology, but I thought it might be
that the HTTP client session caching was causing the problem.  So I updated
my conduit configuration and set CacheControl="no-cache", but even after
doing that, it looks like the client session is still being stored and
reused.  I also tried CacheControl="no-store", but that didn't have any
effect either.  Am I not understanding the nature of these parameters?

        <http:conduit
                name="{http://www.client.com/service/}foo.http-conduit">
                <http:tlsClientParameters
                        secureSocketProtocol="SSL">
                        <sec:keyManagers keyPassword="password">
                                <sec:keyStore type="JKS" password="password"
                                        file="__TRUST_STORE_LOCATION__" />
                        </sec:keyManagers>

                </http:tlsClientParameters>

                <http:authorization>
                        <sec:UserName>UserName</sec:UserName>
                        <sec:Password>password</sec:Password>
                </http:authorization>
                <http:client AutoRedirect="true" Connection="Keep-Alive"
                        CacheControl="no-cache"/>
        </http:conduit>

And here's my endpoint configuration:

        <cxf:cxfEndpoint id="notificationService" address="__NOTIFICATION_URL__"
                serviceName="an:notificationService_V0101"
                endpointName="an:notification"
                serviceClass="com.client.notification.NotificationPortType"
                wsdlURL="etc/Notification/Notification.wsdl"
                xmlns:an="http://www.client.com/service/">
        </cxf:cxfEndpoint>

From the logs:

   Allow unsafe renegotiation: false
   Allow legacy hello messages: true
   Is initial handshake: true
   Is secure renegotiation: false
   qtp496418976-17 - /Result, setSoTimeout(60000) called
   %% Client cached [Session-1, SSL_RSA_WITH_RC4_128_MD5]
   %% Try resuming [Session-1, SSL_RSA_WITH_RC4_128_MD5] from port 39817
   *** ClientHello, SSLv3

This system is using CXF inside of Camel.

CXF Version: 2.4.2
Camel Version: 2.8.3

Any help would be appreciated.

Thanks!

--
View this message in context: 
http://cxf.547215.n5.nabble.com/Question-on-SSL-caching-tp5455499p5455499.html
Sent from the cxf-user mailing list archive at Nabble.com.
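
Added example, not part of the original post: a small Python parser for the log excerpt quoted above, which appears to be JSSE handshake debug output. It reports which TLS sessions the client cached and tried to resume, the ClientHello version, and any deprecated algorithm names; the function name `summarize` and the `DEPRECATED` list are this example's own choices.

```python
import re

# Log lines copied from the post above (leading indentation removed).
SAMPLE_LOG = """\
Allow unsafe renegotiation: false
Allow legacy hello messages: true
Is initial handshake: true
Is secure renegotiation: false
qtp496418976-17 - /Result, setSoTimeout(60000) called
%% Client cached [Session-1, SSL_RSA_WITH_RC4_128_MD5]
%% Try resuming [Session-1, SSL_RSA_WITH_RC4_128_MD5] from port 39817
*** ClientHello, SSLv3
"""

SESSION_RE = re.compile(r"^%% (Client cached|Try resuming) \[(Session-\d+), (\w+)\]")
HELLO_RE = re.compile(r"^\*\*\* ClientHello, (\S+)")
# Names treated as deprecated here: RC4 (RFC 7465), SSLv3 (RFC 7568), MD5 as MAC.
DEPRECATED = ("RC4", "MD5", "SSLv3")


def summarize(log_text):
    """Summarize TLS session cache activity seen in a handshake debug log."""
    cached, resumed, hellos, flagged = {}, [], [], set()
    for raw in log_text.splitlines():
        line = raw.strip()
        session = SESSION_RE.match(line)
        hello = HELLO_RE.match(line)
        if session:
            event, session_id, suite = session.groups()
            if event == "Client cached":
                cached[session_id] = suite      # session stored in the TLS cache
            else:
                resumed.append(session_id)      # abbreviated handshake attempted
            flagged.update(t for t in DEPRECATED if t in suite)
        elif hello:
            hellos.append(hello.group(1))
            flagged.update(t for t in DEPRECATED if t == hello.group(1))
    return {
        "cached": cached,
        "resumed": resumed,
        # Resumptions that reuse a session this same log shows being cached.
        "resumed_from_cache": [s for s in resumed if s in cached],
        "hello_versions": hellos,
        "deprecated": sorted(flagged),
    }


if __name__ == "__main__":
    for key, value in summarize(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```
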