For the record, I added some tests that show a client using TLSv1: https://git1-us-west.apache.org/repos/asf?p=cxf.git;a=commit;h=64a55d27
Colm. On Mon, May 4, 2015 at 8:50 PM, boca2608 <boca2...@gmail.com> wrote: > Hi Colm, > > Thank you very much for your response. I am not sure what you meant by > "complete service configuration" so I copied the entire <engine> > configuration here. Please let me know if it is something else you would > like to see. > > <httpj:engine-factory bus="cxf"> > > <httpj:engine port="${my.listener.port}"> > <httpj:tlsServerParameters> > <sec:keyManagers > keyPassword="${my.sslserver.keyalias.password}"> > <sec:keyStore > type="${my.sslserver.keystore.type}" > > password="${my.sslserver.keystore.password}" > > resource="${my.sslserver.keystore}" /> > </sec:keyManagers> > <sec:trustManagers> > <sec:keyStore > type="${my.sslserver.keystore.type}" > > password="${my.sslserver.keystore.password}" > > resource="${my.sslserver.keystore}" /> > </sec:trustManagers> > > <sec:cipherSuitesFilter> > > <sec:include>.*_EXPORT_.*</sec:include> > > <sec:include>.*_EXPORT1024_.*</sec:include> > > > <sec:include>.*_WITH_3DES_.*</sec:include> > > <sec:include>.*_WITH_AES_.*</sec:include> > > <sec:include>.*_WITH_NULL_.*</sec:include> > > <sec:exclude>.*_DH_anon_.*</sec:exclude> > </sec:cipherSuitesFilter> > > <sec:clientAuthentication want="false" > required="false" /> > </httpj:tlsServerParameters> > </httpj:engine> > </httpj:engine-factory> > > As for the client, it is a remote client owned by others so I cannot add > Java options for the client to debug it. But here is some additional info > that may help: > > 1. If I switch my application to run with CXF 3.0.2, everything would > work. > (That might be because the client could downgrade to SSLv3.) > 2. The client can communicate with an IIS server that has SSLv3 disabled > and TLS 1.0 enabled. > > Thanks again. > > > > -- > View this message in context: > http://cxf.547215.n5.nabble.com/CXF-3-0-4-server-cannot-receive-message-from-TLS1-0-client-tp5756863p5756962.html > Sent from the cxf-user mailing list archive at Nabble.com. > -- Colm O hEigeartaigh Talend Community Coder http://coders.talend.com