0

My webserice provider provides HTTPS services and I need to consume them. I'm using JAX-WS and invoking the webservice with given HTTPS URL, The response is coming as expected, but when I see the logs it says HTTP request and the request XML is not encrypted, I enabled 

"com.sun.xml.internal.ws.transport.http.client.HttpTransportPipe.dump=true;"

to print the logs in console.

Is that a behavior when we print XML in console, If I want to see encrypted XML, What should I do

I'm not sure whether encryption is happening when transmitting the request.

Marcel Stör
  • 22,695
  • 19
  • 92
  • 198
Selvakumar Ponnusamy
  • 5,363
  • 7
  • 40
  • 78

1 Answers1

1

If you are on Linux, you can use Socket Stat ss -pr for inspecting open sockets (and whether they are secure). On BSD (but also on Linux), use netstat, while I'm sure there is a similar tool also on Windows, although I never used one.

Otherwise, use a network inspecting tool like Wireshark or Tcpflow/Tcpdump and see whether the messages are sent over HTTPS or not.

Note: these tools will only confirm that a TLS/SSL connection is present, they cannot substitute a thorough security audit.

Stefano Sanfilippo
  • 32,265
  • 7
  • 79
  • 80