Alright, we resolved the issue.  This turned out to be an issue with the
server that we were connecting to.  What was happening was that our SSL
Client Hello for our original request was using SSLv2.  The server responded
with the Server Hello with SSLv3, which our client accepted and we proceeded
with the connection over SSLv3.  However, on a subsequent connection, we
sent an SSLv3 Client Hello that tried to use the cached SSL session, which
the server rejected.  We couldn't figure out why this was the case and the
folks that owned the server we were connecting to were... less than helpful.

Just as an experiment, I changed our application to always use SSLv3:

                <http:tlsClientParameters
                        secureSocketProtocol="SSLv3" sslCacheTimeout="10">
                </http:tlsClientParameters>

This resulted in them immediately rejecting our Client Hello, even when we
weren't using a cached SSL session.  They couldn't explain why their server
was rejecting the SSLv3 Client Hellos, so I just changed our application to
use TLS v1 and the problem went away:

                <http:tlsClientParameters
                        secureSocketProtocol="TLS" sslCacheTimeout="10">
                </http:tlsClientParameters>

Fun times.



--
View this message in context: 
http://cxf.547215.n5.nabble.com/Question-on-SSL-caching-tp5455499p5725449.html
Sent from the cxf-user mailing list archive at Nabble.com.
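The post above describes an SSLv2-format ClientHello followed by an SSLv3 ClientHello carrying a cached session ID. When troubleshooting this kind of negotiation failure from a packet capture, the first thing to check is which hello format the client sent, which version it advertised, and whether it was attempting session resumption. The parser below is an added example (not code from the post, from CXF, or from any of the parties involved); the ClientHello messages it inspects are constructed in-line as sample input, not captured traffic.

```python
import struct

VERSIONS = {0x0002: "SSLv2", 0x0300: "SSLv3", 0x0301: "TLSv1.0",
            0x0302: "TLSv1.1", 0x0303: "TLSv1.2"}


def build_tls_client_hello(version, session_id):
    """Construct a minimal SSLv3/TLS ClientHello (sample input, not captured traffic)."""
    body = struct.pack(">H", version) + b"\x00" * 32              # client_version + 32-byte random
    body += bytes([len(session_id)]) + session_id                  # session_id: non-empty means resumption
    body += b"\x00\x02\x00\x2f"                                    # one cipher suite (TLS_RSA_WITH_AES_128_CBC_SHA)
    body += b"\x01\x00"                                            # compression methods: null only
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body      # handshake type 1 = client_hello
    return b"\x16" + struct.pack(">HH", version, len(handshake)) + handshake


def build_sslv2_client_hello(version):
    """Construct a minimal SSLv2-format ClientHello with no session ID (sample input)."""
    ciphers = b"\x01\x00\x80"                                      # SSL2_RC4_128_WITH_MD5
    challenge = b"\x00" * 16
    body = b"\x01" + struct.pack(">HHHH", version, len(ciphers), 0, len(challenge))
    return struct.pack(">H", 0x8000 | len(body)) + body + ciphers + challenge


def parse_client_hello(data):
    """Classify a ClientHello: (record format, advertised version, resumption attempted?)."""
    if data[0] & 0x80:
        # SSLv2 record header: 2-byte length with the high bit set, then msg_type.
        if data[2] != 0x01:
            raise ValueError("not an SSLv2 ClientHello")
        version, _cipher_len, sid_len, _chal_len = struct.unpack(">HHHH", data[3:11])
        return ("SSLv2", VERSIONS.get(version, hex(version)), sid_len > 0)
    # SSLv3/TLS record: type 0x16 (handshake), version, length, then handshake type 0x01.
    if data[0] != 0x16 or data[5] != 0x01:
        raise ValueError("not a handshake record carrying a ClientHello")
    version = struct.unpack(">H", data[9:11])[0]                   # client_version inside the hello body
    sid_len = data[11 + 32]                                        # session_id length follows the 32-byte random
    return ("SSLv3/TLS", VERSIONS.get(version, hex(version)), sid_len > 0)


if __name__ == "__main__":
    # Mirrors the sequence in the post: SSLv2-format hello, then an SSLv3 hello reusing a session.
    print(parse_client_hello(build_sslv2_client_hello(0x0300)))
    print(parse_client_hello(build_tls_client_hello(0x0300, bytes(range(32)))))
```

Feeding the first TLS record of each failing connection through `parse_client_hello` shows at a glance whether the server is rejecting a particular hello format, a particular version, or only resumption attempts, which narrows down which side of the conversation to investigate.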