ejb-over-ssl.html - tomee-site-pub - Git at Google

 <!DOCTYPE html>
 <html lang="en">
   <head>

     <meta charset="UTF-8">
       <title>EJB over SSL</title>
     <meta name="description" content="Apache TomEE">
     <meta name="author" content="Apache TomEE">
     <meta name="google-translate-customization" content="f36a520c08f4c9-0a04e86a9c075ce9-g265f3196f697cf8f-10">
     <meta http-equiv="Pragma" content="no-cache">
     <meta http-equiv="Expires" content="0">
     <meta http-equiv="Cache-Control" content="no-store, no-cache, must-revalidate, max-age=0">

     <!-- Le HTML5 shim, for IE6-8 support of HTML elements -->
     <!--[if lt IE 9]>
       <script src="http://html5shim.googlecode.com/svn/trunk/html5.js"></script>
     <![endif]-->

     <!-- Le styles -->
     <link href="./resources/css/bootstrap.css" rel="stylesheet">
     <link href="./resources/css/prettify.css" rel="stylesheet">
     <!--link href="./resources/css/bootstrap-mods.css" rel="stylesheet"-->
     <link href="./resources/css/main.css" rel="stylesheet">
     <link href="./resources/font-awesome-4.6.3/css/font-awesome.min.css" rel="stylesheet">

     <script type="text/javascript">
         var t = encodeURIComponent(document.title.replace(/^\s+|\s+$/g,""));
         var u = encodeURIComponent(""+document.URL);

       function fbshare () {
           window.open(
                   "http://www.facebook.com/sharer/sharer.php?u="+u,
                   'Share on Facebook',
                   'width=640,height=426');
       };
       function gpshare () {
           window.open(
                   "https://plus.google.com/share?url="+u,
                   'Share on Google+',
                   'width=584,height=385');
       };
       function twshare () {
           window.open(
                   "https://twitter.com/intent/tweet?url="+u+"&text="+t,
                   'Share on Twitter',
                   'width=800,height=526');
       };
       function pinshare () {
           window.open("//www.pinterest.com/pin/create/button/?url="+u+"&media=http%3A%2F%2Ftomee.apache.org%2Fresources%2Fimages%2Ffeather-logo.png&description="+t,
                   'Share on Pinterest',
                   'width=800,height=526');
       };
     </script>

     <!-- Le fav and touch icons -->
     <link rel="shortcut icon" href="./favicon.ico">
     <link rel="apple-touch-icon" href="./resources/images/apple-touch-icon.png">
     <link rel="apple-touch-icon" sizes="72x72" href="./resources/images/apple-touch-icon-72x72.png">
     <link rel="apple-touch-icon" sizes="114x114" href="./resources/images/apple-touch-icon-114x114.png">

     <script src="./resources/js/prettify.js" type="text/javascript"></script>
     <script src="./resources/js/jquery-latest.js"></script>
     <script src="http://platform.twitter.com/widgets.js" type="text/javascript"></script>
     <script src="./resources/js/common.js"></script>
     <script src="./resources/js/prettyprint.js"></script>
     <!--script src="//assets.pinterest.com/js/pinit.js" type="text/javascript" async></script//-->

     <script type="text/javascript">

       var _gaq = _gaq || [];
       _gaq.push(['_setAccount', 'UA-2717626-1']);
       _gaq.push(['_setDomainName', 'apache.org']);
       _gaq.push(['_trackPageview']);

       (function() {
         var ga = document.createElement('script'); ga.type = 'text/javascript'; ga.async = true;
         ga.src = ('https:' == document.location.protocol ? 'https://ssl' : 'http://www') + '.google-analytics.com/ga.js';
         var s = document.getElementsByTagName('script')[0]; s.parentNode.insertBefore(ga, s);
       })();

     </script>
   </head>

   <body>

     <div class="topbar" data-dropdown="dropdown">
       <div class="fill">
         <div class="container">
           <a class="brand" href="./index.html">Apache TomEE</a>
           <ul class="nav">
               <li class="dropdown">
                   <a class="dropdown-toggle" data-toggle="dropdown" href="#">
                   Apache
                       <b class="caret"></b>
                   </a>
                   <ul class="dropdown-menu">
                      <!-- <li><a href="./misc/whoweare.html">Who we are?</a></li> -->
                      <!-- <li><a href="./misc/heritage.html">Heritage</a></li> -->
                      <li><a href="http://www.apache.org">Apache Home</a></li>
                      <!-- <li><a href="./misc/resources.html">Resources</a></li> -->
                      <li><a href="./misc/contact.html">Contact</a></li>
                      <li><a href="./misc/legal.html">Legal</a></li>
                      <li><a href="http://www.apache.org/foundation/sponsorship.html">Sponsorship</a></li>
                      <li><a href="http://www.apache.org/foundation/thanks.html">Thanks</a></li>
                      <li class="divider"/>
                      <li><a href="http://www.apache.org/security">Security</a></li>
                   </ul>
               </li>
               <li><a href="./index.html">Home</a></li>
               <li><a href="./downloads.html">Downloads</a></li>
               <li><a href="./documentation.html">Documentation</a></li>
               <li><a href="./examples-trunk/index.html">Examples</a></li>
               <li><a href="./support.html">Support</a></li>
               <li><a href="./contribute.html">Contribute</a></li>
               <li><a href="./security/index.html">Security</a></li>
           </ul>

             <!-- Google CSE Search Box Begins  -->
             <FORM class="pull-right" id="searchbox_010475492895890475512:_t4iqjrgx90" action="http://www.google.com/cse">
                 <INPUT type="hidden" name="cx" value="010475492895890475512:_t4iqjrgx90">
                 <INPUT type="hidden" name="cof" value="FORID:0">
                 <INPUT size="18" width="130" style="width:130px" name="q" type="text" placeholder="Search">
             </FORM>
             <!--<SCRIPT type="text/javascript" src="http://www.google.com/coop/cse/brand?form=searchbox_010475492895890475512:_t4iqjrgx90"></SCRIPT>-->
             <!-- Google CSE Search Box Ends -->
         </div>
       </div>
     </div>

     <div class="container">


 <div class="page-header">
     <small><a href="./index.html">Home</a></small><br>
     <h1>EJB over SSL

         <div style="float: right; position: relative; bottom: -10px; ">
             <a onclick="javascript:gpshare()" class="gp-share sprite" title="Share on Google+">share [gp]</a>
             <a onclick="javascript:fbshare()" class="fb-share sprite" title="Share on Facebook">share [fb]</a>
             <a onclick="javascript:twshare()" class="tw-share sprite" title="Share on Twitter">share [tw]</a>
             <a onclick="javascript:pinshare()" class="pin-share sprite" title="Share on Pinterest">share [pin]</a>
             <a data-toggle="modal" href="#edit" class="edit-page" title="Contribute to this Page">contribute</a>
         </div>
     </h1>
 </div>

 <p>It is possible to setup client/server requests over SSL.  EJB requests from a remote client can happen two different ways:</p>

 <ul>
 <li><strong>https</strong> for when an EJB is running in TomEE</li>
 <li><strong>ejbds</strong> for when an EJB is running in OpenEJB Standalone</li>
 </ul>

 <p>Note, TomEE can be setup to support <strong>ejbds</strong>.</p>

 <h1>https</h1>

 <p>First, you'll need to setup Tomcat (TomEE) with SSL as described here:</p>

 <p><a href="http://tomcat.apache.org/tomcat-7.0-doc/ssl-howto.html">http://tomcat.apache.org/tomcat-7.0-doc/ssl-howto.html</a></p>

 <p>Once that is done and the <code>tomee</code> webapp can be accessed with <code>https</code>, an EJB client can invoke over <code>https</code> using the following
 <code>InitialContext</code> setup:</p>

 <pre><code>Properties p = new Properties();
 p.put("java.naming.factory.initial", "org.apache.openejb.client.RemoteInitialContextFactory");
 p.put("java.naming.provider.url", "https://127.0.0.1:8443/tomee/ejb");
 // user and pass optional
 p.put("java.naming.security.principal", "myuser");
 p.put("java.naming.security.credentials", "mypass");

 InitialContext ctx = new InitialContext(p);

 MyBean myBean = (MyBean) ctx.lookup("MyBeanRemote");
 </code></pre>

 <p>If you setup Tomcat (TomEE) to use the APR (Apache Portable Runitme) implementation of SSL on the server side, and you have connection issues like connection reset, you'll have to set 'https.protocols' system property.
 'https.protocols' property must be set according to the SSLProtocol parameter of the HTTPS connector configuration :</p>

 <p><a href="http://tomcat.apache.org/tomcat-7.0-doc/config/http.html">http://tomcat.apache.org/tomcat-7.0-doc/config/http.html</a></p>

 <p>You can also have a look a this : </p>

 <p><a href="http://docs.oracle.com/javase/1.4.2/docs/guide/plugin/developer_guide/faq/troubleshooting.html">http://docs.oracle.com/javase/1.4.2/docs/guide/plugin/developer_guide/faq/troubleshooting.html</a></p>

 <h1>ejbds</h1>

 <p>The SSL version of the <code>ejbd</code> protocol is called <code>ejbds</code> and is enabled and setup in OpenEJB Standalone by default.</p>

 <p>Its configuration <code>conf/ejbds.properties</code> looks like this:</p>

 <pre><code>server      = org.apache.openejb.server.ejbd.EjbServer
 bind        = 127.0.0.1
 port        = 4203
 disabled    = false
 threads     = 200
 backlog     = 200
 secure      = true
 discovery   = ejb:ejbds://{bind}:{port}
 </code></pre>

 <p>To access this service from a remote client, the <code>InitialContext</code> would be setup like the following:</p>

 <pre><code>Properties p = new Properties();
 p.put("java.naming.factory.initial", "org.apache.openejb.client.RemoteInitialContextFactory");
 p.put("java.naming.provider.url", "ejbd://localhost:4201");
 // user and pass optional
 p.put("java.naming.security.principal", "myuser");
 p.put("java.naming.security.credentials", "mypass");

 InitialContext ctx = new InitialContext(p);

 MyBean myBean = (MyBean) ctx.lookup("MyBeanRemote");
 </code></pre>

 <h2>Changing the Cipher Suite</h2>

 <p><a href="https://issues.apache.org/jira/browse/OPENEJB-1856">This is a pending feature</a>
 By default, the ejbds protocol connects with SSL_DH_anon_WITH_RC4_128_MD5. That means your connection is encrypted and the integrity of the transmission is verified. However, this only protects your from eavesdroppers, it offers absolutely zero protection from Man in the Middle attacks. This sort of attack could be pulled off without your knowledge and the attacker has the ability to intercept, monitor, and even modify your messages. If the attacker could control a router on your connection path, this attack could be trivially pulled off with nothing more but the OpenEJB server and client.</p>

 <p>To secure your connections against this sort of attack, your client can cryptographically prove it's talking to the correct server before sending any data. To do this, simply select one or more secure cipher suites that your J2SE provider supports from <a href="http://docs.oracle.com/cd/E19728-01/820-2550/cipher_suites.html">this listing</a>.</p>

 <p>You must now instruct the client and server to use that suite.</p>

 <p>On the server:</p>

 <pre><code>server      = org.apache.openejb.server.ejbd.EjbServer
 bind        = 127.0.0.1
 port        = 4203
 disabled    = false
 threads     = 200
 backlog     = 200
 secure      = true
 enabledCipherSuites = TLS_RSA_WITH_AES_256_CBC_SHA,TLS_RSA_WITH_AES_128_CBC_SHA
 discovery   = ejb:ejbds://{bind}:{port}
 </code></pre>

 <p>On the client, you must supply a property:</p>

 <pre><code>-Dopenejb.client.enabledCipherSuites=TLS_RSA_WITH_AES_256_CBC_SHA,TLS_RSA_WITH_AES_128_CBC_SHA
 </code></pre>

 <p>The final piece is to make sure your server has available a private certificate that the the client can trust. This can be certificate from an authority or a self signed certificate. The javax.net.ssl.trustStore and javax.net.ssl.keyStore JVM properties <a href="http://fusesource.com/docs/broker/5.3/security/SSL-SysProps.html">are used to set this up.</a></p>


         <div id="edit" class="modal hide fade in" style="display: none; ">
             <div class="modal-header">
                 <a class="close" data-dismiss="modal">x</a>

                 <h3>Thank you for contributing to the documentation!</h3>
             </div>
             <div class="modal-body">
                 <h4>Any help with the documentation is greatly appreciated.</h4>
                 <p>All edits are reviewed before going live, so feel free to do much more than fix typos or links.  If you see a page that could benefit from an entire rewrite, we'd be thrilled to review it.  Don't be surprised if we like it so much we ask you for help with other pages :)</p>
                 <small>NOTICE: unless indicated otherwise on the pages in question, all editable content available from apache.org is presumed to be licensed under the Apache License (AL) version 2.0 and hence all submissions to apache.org treated as formal Contributions under the license terms.</small>
                 <!--[if gt IE 6]>
                 <h4>Internet Explorer Users</h4>
                 <p>If you are not an Apache committer, click the Yes link and enter a <i>anonymous</i> for the username and leave the password empty</p>
                 <![endif]-->

             </div>
             <div class="modal-footer">
                 Do you have an Apache ID?
                 <a href="javascript:void(location.href='https://cms.apache.org/redirect?uri='+escape(location.href))" class="btn">Yes</a>
                 <a href="javascript:void(location.href='https://anonymous:@cms.apache.org/redirect?uri='+escape(location.href))" class="btn">No</a>
             </div>
         </div>
         <script src="./resources/js/bootstrap-modal.js"></script>

         <footer>
             <p>Copyright &copy; 1999-2016 The Apache Software Foundation, Licensed under the Apache License, Version 2.0.
                 Apache TomEE, TomEE, Apache, the Apache feather logo, and the Apache TomEE project logo are trademarks of The Apache Software Foundation.
                 All other marks mentioned may be trademarks or registered trademarks of their respective owners.</p>
         </footer>

     </div> <!-- /container -->

     <!-- Javascript
     ================================================== -->
     <!-- Placed at the end of the document so the pages load faster -->
     <script src="./resources/js/bootstrap-dropdown.js"></script>

   </body>
 </html>
	<!DOCTYPE html>
	<html lang="en">
	<head>

	<meta charset="UTF-8">
	<title>EJB over SSL</title>
	<meta name="description" content="Apache TomEE">
	<meta name="author" content="Apache TomEE">
	<meta name="google-translate-customization" content="f36a520c08f4c9-0a04e86a9c075ce9-g265f3196f697cf8f-10">
	<meta http-equiv="Pragma" content="no-cache">
	<meta http-equiv="Expires" content="0">
	<meta http-equiv="Cache-Control" content="no-store, no-cache, must-revalidate, max-age=0">

	<!-- Le HTML5 shim, for IE6-8 support of HTML elements -->
	<!--[if lt IE 9]>
	<script src="http://html5shim.googlecode.com/svn/trunk/html5.js"></script>
	<![endif]-->

	<!-- Le styles -->
	<link href="./resources/css/bootstrap.css" rel="stylesheet">
	<link href="./resources/css/prettify.css" rel="stylesheet">
	<!--link href="./resources/css/bootstrap-mods.css" rel="stylesheet"-->
	<link href="./resources/css/main.css" rel="stylesheet">
	<link href="./resources/font-awesome-4.6.3/css/font-awesome.min.css" rel="stylesheet">

	<script type="text/javascript">
	var t = encodeURIComponent(document.title.replace(/^\s+\|\s+$/g,""));
	var u = encodeURIComponent(""+document.URL);

	function fbshare () {
	window.open(
	"http://www.facebook.com/sharer/sharer.php?u="+u,
	'Share on Facebook',
	'width=640,height=426');
	};
	function gpshare () {
	window.open(
	"https://plus.google.com/share?url="+u,
	'Share on Google+',
	'width=584,height=385');
	};
	function twshare () {
	window.open(
	"https://twitter.com/intent/tweet?url="+u+"&text="+t,
	'Share on Twitter',
	'width=800,height=526');
	};
	function pinshare () {
	window.open("//www.pinterest.com/pin/create/button/?url="+u+"&media=http%3A%2F%2Ftomee.apache.org%2Fresources%2Fimages%2Ffeather-logo.png&description="+t,
	'Share on Pinterest',
	'width=800,height=526');
	};
	</script>

	<!-- Le fav and touch icons -->
	<link rel="shortcut icon" href="./favicon.ico">
	<link rel="apple-touch-icon" href="./resources/images/apple-touch-icon.png">
	<link rel="apple-touch-icon" sizes="72x72" href="./resources/images/apple-touch-icon-72x72.png">
	<link rel="apple-touch-icon" sizes="114x114" href="./resources/images/apple-touch-icon-114x114.png">

	<script src="./resources/js/prettify.js" type="text/javascript"></script>
	<script src="./resources/js/jquery-latest.js"></script>
	<script src="http://platform.twitter.com/widgets.js" type="text/javascript"></script>
	<script src="./resources/js/common.js"></script>
	<script src="./resources/js/prettyprint.js"></script>
	<!--script src="//assets.pinterest.com/js/pinit.js" type="text/javascript" async></script//-->

	<script type="text/javascript">

	var _gaq = _gaq \|\| [];
	_gaq.push(['_setAccount', 'UA-2717626-1']);
	_gaq.push(['_setDomainName', 'apache.org']);
	_gaq.push(['_trackPageview']);

	(function() {
	var ga = document.createElement('script'); ga.type = 'text/javascript'; ga.async = true;
	ga.src = ('https:' == document.location.protocol ? 'https://ssl' : 'http://www') + '.google-analytics.com/ga.js';
	var s = document.getElementsByTagName('script')[0]; s.parentNode.insertBefore(ga, s);
	})();

	</script>
	</head>

	<body>

	<div class="topbar" data-dropdown="dropdown">
	<div class="fill">
	<div class="container">
	<a class="brand" href="./index.html">Apache TomEE</a>
	<ul class="nav">
	<li class="dropdown">
	<a class="dropdown-toggle" data-toggle="dropdown" href="#">
	Apache
	<b class="caret"></b>
	</a>
	<ul class="dropdown-menu">
	<!-- <li><a href="./misc/whoweare.html">Who we are?</a></li> -->
	<!-- <li><a href="./misc/heritage.html">Heritage</a></li> -->
	<li><a href="http://www.apache.org">Apache Home</a></li>
	<!-- <li><a href="./misc/resources.html">Resources</a></li> -->
	<li><a href="./misc/contact.html">Contact</a></li>
	<li><a href="./misc/legal.html">Legal</a></li>
	<li><a href="http://www.apache.org/foundation/sponsorship.html">Sponsorship</a></li>
	<li><a href="http://www.apache.org/foundation/thanks.html">Thanks</a></li>
	<li class="divider"/>
	<li><a href="http://www.apache.org/security">Security</a></li>
	</ul>
	</li>
	<li><a href="./index.html">Home</a></li>
	<li><a href="./downloads.html">Downloads</a></li>
	<li><a href="./documentation.html">Documentation</a></li>
	<li><a href="./examples-trunk/index.html">Examples</a></li>
	<li><a href="./support.html">Support</a></li>
	<li><a href="./contribute.html">Contribute</a></li>
	<li><a href="./security/index.html">Security</a></li>
	</ul>

	<!-- Google CSE Search Box Begins -->
	<FORM class="pull-right" id="searchbox_010475492895890475512:_t4iqjrgx90" action="http://www.google.com/cse">
	<INPUT type="hidden" name="cx" value="010475492895890475512:_t4iqjrgx90">
	<INPUT type="hidden" name="cof" value="FORID:0">
	<INPUT size="18" width="130" style="width:130px" name="q" type="text" placeholder="Search">
	</FORM>
	<!--<SCRIPT type="text/javascript" src="http://www.google.com/coop/cse/brand?form=searchbox_010475492895890475512:_t4iqjrgx90"></SCRIPT>-->
	<!-- Google CSE Search Box Ends -->
	</div>
	</div>
	</div>

	<div class="container">


	<div class="page-header">
	<small><a href="./index.html">Home</a></small><br>
	<h1>EJB over SSL

	<div style="float: right; position: relative; bottom: -10px; ">
	<a onclick="javascript:gpshare()" class="gp-share sprite" title="Share on Google+">share [gp]</a>
	<a onclick="javascript:fbshare()" class="fb-share sprite" title="Share on Facebook">share [fb]</a>
	<a onclick="javascript:twshare()" class="tw-share sprite" title="Share on Twitter">share [tw]</a>
	<a onclick="javascript:pinshare()" class="pin-share sprite" title="Share on Pinterest">share [pin]</a>
	<a data-toggle="modal" href="#edit" class="edit-page" title="Contribute to this Page">contribute</a>
	</div>
	</h1>
	</div>

	<p>It is possible to setup client/server requests over SSL. EJB requests from a remote client can happen two different ways:</p>

	<ul>
	<li><strong>https</strong> for when an EJB is running in TomEE</li>
	<li><strong>ejbds</strong> for when an EJB is running in OpenEJB Standalone</li>
	</ul>

	<p>Note, TomEE can be setup to support <strong>ejbds</strong>.</p>

	<h1>https</h1>

	<p>First, you'll need to setup Tomcat (TomEE) with SSL as described here:</p>

	<p><a href="http://tomcat.apache.org/tomcat-7.0-doc/ssl-howto.html">http://tomcat.apache.org/tomcat-7.0-doc/ssl-howto.html</a></p>

	<p>Once that is done and the <code>tomee</code> webapp can be accessed with <code>https</code>, an EJB client can invoke over <code>https</code> using the following
	<code>InitialContext</code> setup:</p>

	<pre><code>Properties p = new Properties();
	p.put("java.naming.factory.initial", "org.apache.openejb.client.RemoteInitialContextFactory");
	p.put("java.naming.provider.url", "https://127.0.0.1:8443/tomee/ejb");
	// user and pass optional
	p.put("java.naming.security.principal", "myuser");
	p.put("java.naming.security.credentials", "mypass");

	InitialContext ctx = new InitialContext(p);

	MyBean myBean = (MyBean) ctx.lookup("MyBeanRemote");
	</code></pre>

	<p>If you setup Tomcat (TomEE) to use the APR (Apache Portable Runitme) implementation of SSL on the server side, and you have connection issues like connection reset, you'll have to set 'https.protocols' system property.
	'https.protocols' property must be set according to the SSLProtocol parameter of the HTTPS connector configuration :</p>

	<p><a href="http://tomcat.apache.org/tomcat-7.0-doc/config/http.html">http://tomcat.apache.org/tomcat-7.0-doc/config/http.html</a></p>

	<p>You can also have a look a this : </p>

	<p><a href="http://docs.oracle.com/javase/1.4.2/docs/guide/plugin/developer_guide/faq/troubleshooting.html">http://docs.oracle.com/javase/1.4.2/docs/guide/plugin/developer_guide/faq/troubleshooting.html</a></p>

	<h1>ejbds</h1>

	<p>The SSL version of the <code>ejbd</code> protocol is called <code>ejbds</code> and is enabled and setup in OpenEJB Standalone by default.</p>

	<p>Its configuration <code>conf/ejbds.properties</code> looks like this:</p>

	<pre><code>server = org.apache.openejb.server.ejbd.EjbServer
	bind = 127.0.0.1
	port = 4203
	disabled = false
	threads = 200
	backlog = 200
	secure = true
	discovery = ejb:ejbds://{bind}:{port}
	</code></pre>

	<p>To access this service from a remote client, the <code>InitialContext</code> would be setup like the following:</p>

	<pre><code>Properties p = new Properties();
	p.put("java.naming.factory.initial", "org.apache.openejb.client.RemoteInitialContextFactory");
	p.put("java.naming.provider.url", "ejbd://localhost:4201");
	// user and pass optional
	p.put("java.naming.security.principal", "myuser");
	p.put("java.naming.security.credentials", "mypass");

	InitialContext ctx = new InitialContext(p);

	MyBean myBean = (MyBean) ctx.lookup("MyBeanRemote");
	</code></pre>

	<h2>Changing the Cipher Suite</h2>

	<p><a href="https://issues.apache.org/jira/browse/OPENEJB-1856">This is a pending feature</a>
	By default, the ejbds protocol connects with SSL_DH_anon_WITH_RC4_128_MD5. That means your connection is encrypted and the integrity of the transmission is verified. However, this only protects your from eavesdroppers, it offers absolutely zero protection from Man in the Middle attacks. This sort of attack could be pulled off without your knowledge and the attacker has the ability to intercept, monitor, and even modify your messages. If the attacker could control a router on your connection path, this attack could be trivially pulled off with nothing more but the OpenEJB server and client.</p>

	<p>To secure your connections against this sort of attack, your client can cryptographically prove it's talking to the correct server before sending any data. To do this, simply select one or more secure cipher suites that your J2SE provider supports from <a href="http://docs.oracle.com/cd/E19728-01/820-2550/cipher_suites.html">this listing</a>.</p>

	<p>You must now instruct the client and server to use that suite.</p>

	<p>On the server:</p>

	<pre><code>server = org.apache.openejb.server.ejbd.EjbServer
	bind = 127.0.0.1
	port = 4203
	disabled = false
	threads = 200
	backlog = 200
	secure = true
	enabledCipherSuites = TLS_RSA_WITH_AES_256_CBC_SHA,TLS_RSA_WITH_AES_128_CBC_SHA
	discovery = ejb:ejbds://{bind}:{port}
	</code></pre>

	<p>On the client, you must supply a property:</p>

	<pre><code>-Dopenejb.client.enabledCipherSuites=TLS_RSA_WITH_AES_256_CBC_SHA,TLS_RSA_WITH_AES_128_CBC_SHA
	</code></pre>

	<p>The final piece is to make sure your server has available a private certificate that the the client can trust. This can be certificate from an authority or a self signed certificate. The javax.net.ssl.trustStore and javax.net.ssl.keyStore JVM properties <a href="http://fusesource.com/docs/broker/5.3/security/SSL-SysProps.html">are used to set this up.</a></p>




	<div id="edit" class="modal hide fade in" style="display: none; ">
	<div class="modal-header">
	<a class="close" data-dismiss="modal">x</a>

	<h3>Thank you for contributing to the documentation!</h3>
	</div>
	<div class="modal-body">
	<h4>Any help with the documentation is greatly appreciated.</h4>
	<p>All edits are reviewed before going live, so feel free to do much more than fix typos or links. If you see a page that could benefit from an entire rewrite, we'd be thrilled to review it. Don't be surprised if we like it so much we ask you for help with other pages :)</p>
	<small>NOTICE: unless indicated otherwise on the pages in question, all editable content available from apache.org is presumed to be licensed under the Apache License (AL) version 2.0 and hence all submissions to apache.org treated as formal Contributions under the license terms.</small>
	<!--[if gt IE 6]>
	<h4>Internet Explorer Users</h4>
	<p>If you are not an Apache committer, click the Yes link and enter a <i>anonymous</i> for the username and leave the password empty</p>
	<![endif]-->

	</div>
	<div class="modal-footer">
	Do you have an Apache ID?
	<a href="javascript:void(location.href='https://cms.apache.org/redirect?uri='+escape(location.href))" class="btn">Yes</a>
	<a href="javascript:void(location.href='https://anonymous:@cms.apache.org/redirect?uri='+escape(location.href))" class="btn">No</a>
	</div>
	</div>
	<script src="./resources/js/bootstrap-modal.js"></script>

	<footer>
	<p>Copyright © 1999-2016 The Apache Software Foundation, Licensed under the Apache License, Version 2.0.
	Apache TomEE, TomEE, Apache, the Apache feather logo, and the Apache TomEE project logo are trademarks of The Apache Software Foundation.
	All other marks mentioned may be trademarks or registered trademarks of their respective owners.</p>
	</footer>

	</div> <!-- /container -->

	<!-- Javascript
	================================================== -->
	<!-- Placed at the end of the document so the pages load faster -->
	<script src="./resources/js/bootstrap-dropdown.js"></script>

	</body>
	</html>