Re: CXF 3.0.4 server cannot receive message from TLS1.0 client

Tue, 12 May 2015 07:55:33 -0700 

For the record, I added some tests that show a client using TLSv1:

https://git1-us-west.apache.org/repos/asf?p=cxf.git;a=commit;h=64a55d27

Colm.

On Mon, May 4, 2015 at 8:50 PM, boca2608 <boca2...@gmail.com> wrote:

> Hi Colm,
>
> Thank you very much for your response.  I am not sure what you meant by
> "complete service configuration" so I copied the entire <engine>
> configuration here.  Please let me know if it is something else you would
> like to see.
>
>         <httpj:engine-factory bus="cxf">
>
>                 <httpj:engine port="${my.listener.port}">
>                         <httpj:tlsServerParameters>
>                                 <sec:keyManagers
> keyPassword="${my.sslserver.keyalias.password}">
>                                         <sec:keyStore
> type="${my.sslserver.keystore.type}"
>
> password="${my.sslserver.keystore.password}"
>
> resource="${my.sslserver.keystore}" />
>                                 </sec:keyManagers>
>                                 <sec:trustManagers>
>                                         <sec:keyStore
> type="${my.sslserver.keystore.type}"
>
> password="${my.sslserver.keystore.password}"
>
> resource="${my.sslserver.keystore}" />
>                                 </sec:trustManagers>
>
>                                 <sec:cipherSuitesFilter>
>
> <sec:include>.*_EXPORT_.*</sec:include>
>
> <sec:include>.*_EXPORT1024_.*</sec:include>
>
>
> <sec:include>.*_WITH_3DES_.*</sec:include>
>
> <sec:include>.*_WITH_AES_.*</sec:include>
>
> <sec:include>.*_WITH_NULL_.*</sec:include>
>
> <sec:exclude>.*_DH_anon_.*</sec:exclude>
>                                 </sec:cipherSuitesFilter>
>
>                                 <sec:clientAuthentication want="false"
> required="false" />
>                         </httpj:tlsServerParameters>
>                 </httpj:engine>
>         </httpj:engine-factory>
>
> As for the client, it is a remote client owned by others so I cannot add
> Java options for the client to debug it.  But here is some additional info
> that may help:
>
> 1.  If I switch my application to run with CXF 3.0.2, everything would
> work.
> (That might be because the client could downgrade to SSLv3.)
> 2.  The client can communicate with an IIS server that has SSLv3 disabled
> and TLS 1.0 enabled.
>
> Thanks again.
>
>
>
> --
> View this message in context:
> http://cxf.547215.n5.nabble.com/CXF-3-0-4-server-cannot-receive-message-from-TLS1-0-client-tp5756863p5756962.html
> Sent from the cxf-user mailing list archive at Nabble.com.
>



-- 
Colm O hEigeartaigh

Talend Community Coder
http://coders.talend.com

Reply via email to