How to enforce an Axis Client to use TLSv1.2 protocol

Question

A third party our application is integrate with has recently made changes in their security level protocols. In short, My Axis client should now send calls using TLSv1.1 or TLSv1.2. I have seen other posts regarding this, with some good ideas:

here
here.

After making those changes in code, I have triggered the calls again, I have used a snipping tool to monitor the sent package, and I still see in the SSL layer that the protocol being used is TLSv1.

the packet snippet

what am I doing wrong here?

this is how I set my new SocketSecureFactory:

AxisProperties.setProperty("axis.socketSecureFactory", MyTLSSocketSecureFactory.class.getName());

whereas MyTLSSocketSecureFactory is:

public class MyTLSSocketSecureFactory extends JSSESocketFactory {
    public MyTLSSocketSecureFactory(Hashtable attributes) {
        super(attributes);
    }

    @Override
    public Socket create(String host,int port,   StringBuffer otherHeaders,BooleanHolder useFullURL)
              throws Exception{
        Socket s = super.create(host, port, otherHeaders, useFullURL);
        ((SSLSocket)s).setEnabledProtocols(new String[] {"TLSv1.1", "TLSv1.2"});
        return s;
    }
}

would really appreciate any comments, thanks.

I'm having the exact same problem - the 3'rd party server started to accept only TLS 1.1 or 1.2 connections since last night without prior notification. I'm using JDK 6 u 35, Axis 1.4. Tried with the below described solution but it doesn't make any difference, tshark still says I'm going out with TLSv1: TLSv1 75 Alert (Level: Fatal, Description: Handshake Failure) — Sergiu, May 12 '17 at 09:56

score 8 · Answer 1 · edited Jul 01 '16 at 15:31

8

In your MyTLSSocketSecureFactory class, you need create your own SSLContext instance and then get the sslFactory from the context.

Override the initFactory() method, and somethings like:

initFactory() {
  SSLContext context = SSLContext.getInstance("TLSv1.2");
  context.init(null, null, null);
  sslFactory = context.getSocketFactory();
}

edited Jul 01 '16 at 15:31

Gama11

31,714
9
78
100

answered Dec 18 '15 at 02:19

zgcharley

1,084
3
17
24

This works well. Just need to change the SSLContext.getInstance("TSLv1.2"); "TSL" to TLS.. – Krozen Dec 28 '15 at 09:06

score 3 · Answer 2 · answered Jul 28 '16 at 05:58

3

You can also just change the default SSLContext

    SSLContext sslContext = SSLContext.getInstance("TLSv1.2");
    sslContext.init(null, null, null);
    SSLContext.setDefault(sslContext);

answered Jul 28 '16 at 05:58

k107

15,882
11
61
59

score 0 · Answer 3 · answered May 21 '18 at 14:14

0

See also https://github.com/unkascrack/axis-ssl they introduce a SSLClientAxisEngineConfig EngineConfiguration implementation to enable TLS.

answered May 21 '18 at 14:14

Martin

1,385
15
21

How to enforce an Axis Client to use TLSv1.2 protocol

3 Answers3

Linked