CXF Async HTTP client switches HTTP stack when specifying a custom SSL socket factory

Solution Verified - Updated -

Issue

When configuring a CXF client for a custom SSLSocketFactory implementation in the configuration of an HTTPConduit, the asynchronous HTTP client conduit switches to using the synchronous JDK's HttpUrlConnection as the underlying HTTP client rather than using HttpAsyncClient.
Here is the relevant client code that leads to this behaviour:

TLSClientParameters params = new TLSClientParameters();
params.setSSLSocketFactory(myFactory);
conduit.setTlsClientParameters(params);

For example, when switching from non-secured (test) to secured (prod) SOAP server, the underlying HTTP client changes which has impacts on the scalability of the application.

This is an unexpected side effect that is not documented and which is clearly not desirable.
We took the approach of working around this behaviour and configure the TLS parameters this way:

TLSClientParameters params = new TLSClientParameters();
params.setCertAlias(...);
params.setSecureSocketProtocol(...);
params.setKeyManagers(...);
params.setTrustManagers(...);
params.setSecureRandom(...);
params.setCipherSuites(...);
conduit.setTlsClientParameters(params);

Environment

  • JBoss Fuse 6.2.1
  • Apache CXF 3.0.4

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.

Current Customers and Partners

Log in for full access

Log In

New to Red Hat?

Learn more about Red Hat subscriptions

Using a Red Hat product through a public cloud?

How to access this content