2

After updating from IBM JDK 6.0SR9 to 6.0SR10 I keep getting (on the server-side):

java.io.IOException: javax.net.ssl.SSLHandshakeException: Client requested protocol SSLv3 not enabled or not supported
                at com.ibm.jsse2.kb.z(kb.java:107)
                at com.ibm.jsse2.SSLEngineImpl.b(SSLEngineImpl.java:4)
                at com.ibm.jsse2.SSLEngineImpl.c(SSLEngineImpl.java:224)
                at com.ibm.jsse2.SSLEngineImpl.wrap(SSLEngineImpl.java:377)
                at javax.net.ssl.SSLEngine.wrap(SSLEngine.java:6)

None of the security settings were modified. Any idea how I can (re)enable SSLv3?

Thanks.

nobeh
heeboir
  • Also, have a look here: http://stackoverflow.com/questions/28236091/how-to-enable-ssl-3-in-java – iAmcR Feb 22 '17 at 16:52

3 Answers

1

In later releases, SSLv3 is disabled by default for security reasons.

The following tech note should detail how to enable this.

http://www-01.ibm.com/support/docview.wss?uid=swg21318567

Simon O'Doherty
  • Do you have any link about SSLv3 being disabled? That tech note suggests how to enable both SSL and TLS, but I can't see where it says SSLv3 is disabled (unless in FIPS mode as EJP said). – Bruno May 10 '12 at 11:47
1

The exception occurs when the client and server SSL protocol settings do not match.

The following client sample code works with a server side configured to support the TLSv1.2 protocol:

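import java.io.BufferedReader;
import java.io.BufferedWriter;
import java.io.InputStreamReader;
import java.io.OutputStream;
import java.io.OutputStreamWriter;
import java.net.URL;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;

String response = "";
String requestBody = ""; // placeholder: the POST payload is elided ("......") in the original

URL url = new URL("https://localhost:9043/myservlet");

// Request a TLSv1.2 context; null arguments select the default
// key managers, trust managers and SecureRandom.
final SSLContext ctx = SSLContext.getInstance("TLSv1.2");
ctx.init(null, null, null);
// final String protocol = ctx.getProtocol();

// This replaces the socket factory for every HttpsURLConnection in the JVM.
HttpsURLConnection.setDefaultSSLSocketFactory(ctx.getSocketFactory());

final HttpsURLConnection conn = (HttpsURLConnection) url.openConnection();

conn.setReadTimeout(15000);
conn.setConnectTimeout(15000);
conn.setRequestMethod("POST");
conn.setDoInput(true);
conn.setDoOutput(true);

// Send the request body as UTF-8.
final OutputStream os = conn.getOutputStream();
final BufferedWriter writer =
  new BufferedWriter(new OutputStreamWriter(os, "UTF-8"));

writer.write(requestBody);

writer.flush();
writer.close();
os.close();

final int responseCode = conn.getResponseCode();

// Read the response body only on HTTP 200.
if (responseCode == HttpsURLConnection.HTTP_OK) {
  String line;
  final BufferedReader br =
    new BufferedReader(new InputStreamReader(conn.getInputStream()));
  while ((line = br.readLine()) != null) {
    response += line;
  }
  br.close();
}

System.out.println("response: " + response);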
Albert Yu
0

SSLEngine.setEnabledProtocols(), but SSLv3 should certainly be enabled by default. I would double-check your assertion that it hasn't been disabled.

user207421
  • Double-checked. In fact I can now reproduce the problem by simply switching between the old and new ibmjsseprovider2.jar. Everything else (conf, dependent libs) remains the same. By explicitly setting the SSL protocol to SSL_TLS/SSL_TLSv2 I get the old functionality back. So, has its default value been in fact changed? – heeboir Apr 06 '12 at 14:40
  • Here's what IBM reports as new in this release: https://www.ibm.com/developerworks/java/jdk/security/60/secguides/jsse2Docs/JSSE2RefGuide.html#JSSE2RefGuide__WhatsNew – heeboir Apr 06 '12 at 14:46
  • @heeboir It states there that the 'IBM implementation supports the following protocols: SSL, SSLv3, TLS, TLSv1, and SSL_TLS for engine class SSLContext or the API setEnabledProtocols in the SSLSocket or SSLServerSocket classes,' but also that 'The SSLv3 protocol is not allowed when in FIPS mode'. Are you in FIPS mode? – user207421 Apr 09 '12 at 05:38
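
An added example, not part of any answer or comment above: a small check that prints which protocols the installed JSSE provider supports and enables by default for a given SSLContext name, then pins an explicit set with SSLEngine.setEnabledProtocols(). Running it against the old and new JDK shows whether the default changed. The class name, the "TLS" default and the wanted protocol list are assumptions made for the example.

```java
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;

public class ProtocolCheck {

    // Keep only the wanted protocols that this provider actually supports,
    // preserving the caller's order. setEnabledProtocols() throws
    // IllegalArgumentException for a name the provider does not support.
    static String[] pick(String[] supported, String... wanted) {
        List<String> sup = Arrays.asList(supported);
        List<String> out = new ArrayList<String>();
        for (String p : wanted) {
            if (sup.contains(p)) {
                out.add(p);
            }
        }
        return out.toArray(new String[0]);
    }

    public static void main(String[] args) throws Exception {
        // Context name from the command line; "TLS" is an assumed default.
        // The IBM guide quoted above also lists names such as SSL_TLS.
        String name = args.length > 0 ? args[0] : "TLS";
        SSLContext ctx = SSLContext.getInstance(name);
        ctx.init(null, null, null); // default key managers, trust managers, RNG

        SSLEngine engine = ctx.createSSLEngine();
        System.out.println("provider : " + ctx.getProvider());
        System.out.println("supported: " + Arrays.toString(engine.getSupportedProtocols()));
        System.out.println("enabled  : " + Arrays.toString(engine.getEnabledProtocols()));

        // Pin the protocol set explicitly so a JDK service refresh cannot
        // change it silently. The wanted list is an assumption.
        String[] chosen = pick(engine.getSupportedProtocols(), "TLSv1.2", "TLSv1.1", "TLSv1");
        if (chosen.length == 0) {
            throw new IllegalStateException("none of the wanted protocols is supported");
        }
        engine.setEnabledProtocols(chosen);
        System.out.println("pinned   : " + Arrays.toString(engine.getEnabledProtocols()));
    }
}
```

Comparing the "enabled" line between two JDK builds, with everything else unchanged, isolates a change in provider defaults from a change in application configuration.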