Java lets you install a custom VM-wide SSLSocketFactory implementation with HttpsURLConnection.setDefaultSSLSocketFactory(SSLSocketFactory). You can either implement your own SSLSocketFactory or configure a regular instance to suit your needs and environment. Be aware that there are probably very few use cases where this method really helps. Setting a static default SSLSocketFactory influences all components that require an SSL connection of some sort. The same socket factory instance will be used!
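The VM-wide effect described above, as an added example that is not part of the original post or of CXF. It uses only JDK classes; the class name, the host names and the use of the JVM's default trust store are assumptions made for illustration.

```java
import java.net.URI;
import java.security.KeyStore;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManagerFactory;

// Hypothetical demo class, not taken from CXF or the original post.
public class DefaultFactoryScope {

    // Builds a factory that validates servers against the JVM's default
    // trust store (init(null) selects it). A real setup would load its own
    // KeyStore here; that choice is an assumption of this example.
    static SSLSocketFactory newFactory() throws Exception {
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(
                TrustManagerFactory.getDefaultAlgorithm());
        tmf.init((KeyStore) null);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, tmf.getTrustManagers(), null);
        return ctx.getSocketFactory();
    }

    // openConnection() only creates the object; nothing is sent.
    static HttpsURLConnection open(String url) throws Exception {
        return (HttpsURLConnection) URI.create(url).toURL().openConnection();
    }

    public static void main(String[] args) throws Exception {
        SSLSocketFactory vmWide = newFactory();
        HttpsURLConnection.setDefaultSSLSocketFactory(vmWide);

        // Constructed host names. Each connection captures the current
        // default when it is created, so unrelated callers share vmWide.
        HttpsURLConnection a = open("https://service-a.example/");
        HttpsURLConnection b = open("https://service-b.example/");
        System.out.println("a uses VM-wide factory: " + (a.getSSLSocketFactory() == vmWide));
        System.out.println("b uses VM-wide factory: " + (b.getSSLSocketFactory() == vmWide));

        // Narrower alternative: scope a factory to a single connection and
        // leave every other component on the default.
        SSLSocketFactory scoped = newFactory();
        HttpsURLConnection c = open("https://service-c.example/");
        c.setSSLSocketFactory(scoped);
        System.out.println("c uses scoped factory:  " + (c.getSSLSocketFactory() == scoped));
        System.out.println("default unchanged:      "
                + (HttpsURLConnection.getDefaultSSLSocketFactory() == vmWide));
    }
}
```

Because every HttpsURLConnection created after the call inherits the default, a factory with weakened trust settings installed this way weakens every HTTPS client in the VM, not only the one it was meant for.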
Apache CXF has long had very good SSL support built right in. The documentation is pretty clear about how to configure the SSL connection(s). Up to version 2.2.7, however, CXF ignored any custom SSLSocketFactory set as described above. CXF’s HttpsURLConnectionFactory.decorateWithTLS(HttpURLConnection) simply wasn’t prepared for that.
CXF 2.2.7 now supports this through a simple configuration parameter. The feature proposal in the CXF JIRA describes the change: https://issues.apache.org/jira/browse/CXF-2693. I only had to add a few lines to the Spring application context:
<http-conf:tlsClientParameters useHttpsURLConnectionDefaultSslSocketFactory="true" />
Due to an XML parsing issue mentioned here http://firstname.lastname@example.org/msg13711.html it's necessary to import the CXF XMLs explicitly:
<import resource="classpath:META-INF/cxf/cxf.xml" />
<import resource="classpath:META-INF/cxf/cxf-extension-soap.xml" />
<import resource="classpath:META-INF/cxf/cxf-servlet.xml" />