
According to the following code, how can I set the protocols to TLSv1.2, TLSv1, SSLv3?

Using SoapUI, I'm able to request the service using the following config: -Dsoapui.https.protocols=TLSv1.2,TLSv1,SSLv3

Using CXF, I'm getting a "javax.net.ssl.SSLHandshakeException: No appropriate protocol (protocol is disabled or cipher suites are inappropriate)"

If I remove SSLv3, the output is "javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure"

Sorry for my poor knowledge about Soap and SSL...

URL wsdlLocation = this.getClass().getResource("service.wsdl");

Service service = new Service(wsdlLocation);
Soap stub = service.getSoap();

BindingProvider bp = (BindingProvider) stub;

Map<String, Object> context = bp.getRequestContext();

context.put(BindingProvider.ENDPOINT_ADDRESS_PROPERTY, "https://url.to.service/service");

Client client = ClientProxy.getClient(stub);

HTTPConduit httpConduit = (HTTPConduit) client.getConduit();
try {
    TLSClientParameters tlsParams = new TLSClientParameters();
    tlsParams.setDisableCNCheck(true);
    tlsParams.setSecureSocketProtocol("SSLv3");

    KeyStore keyStore = KeyStore.getInstance("JKS");
    String trustpass = "pass";

    File truststore = new File("/home/user/keystore.jks");
    keyStore.load(new FileInputStream(truststore), trustpass.toCharArray());
    TrustManagerFactory trustFactory = TrustManagerFactory
            .getInstance(TrustManagerFactory.getDefaultAlgorithm());
    trustFactory.init(keyStore);
    TrustManager[] tm = trustFactory.getTrustManagers();
    tlsParams.setTrustManagers(tm);

    truststore = new File("/home/user/keystore.jks");
    keyStore.load(new FileInputStream(truststore), trustpass.toCharArray());
    KeyManagerFactory keyFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
    keyFactory.init(keyStore, trustpass.toCharArray());
    KeyManager[] km = keyFactory.getKeyManagers();
    tlsParams.setKeyManagers(km);

    FiltersType filter = new FiltersType();
    filter.getInclude().add(".*_EXPORT_.*");
    filter.getInclude().add(".*_EXPORT1024_.*");
    filter.getInclude().add(".*_WITH_DES_.*");
    filter.getInclude().add(".*_WITH_NULL_.*");
    filter.getExclude().add(".*_DH_anon_.*");
    tlsParams.setCipherSuitesFilter(filter);

    httpConduit.setTlsClientParameters(tlsParams);
} catch (Exception e) {
    LOG.error(e.getMessage());
}
Barium Scoorge

1 Answer

I have encountered the same issue and solved it by changing the protocol name from tlsParams.setSecureSocketProtocol("SSL"); to tlsParams.setSecureSocketProtocol("TLSv1");

Note: you should first determine the protocol version (SSLv1? SSLv2? TLSv1...) before you change it. Please refer to determine the protocol name and version

Also, if this workaround does not work for you, please refer to possible causes. Hope this works for you and others.

Community
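
A local check for the situation in this thread, added here as an example (not code from the question, the answer, or CXF): it uses only standard JSSE calls to show which of the requested protocols the client JVM can still offer once `jdk.tls.disabledAlgorithms` is applied, and which supported cipher suites survive the question's include/exclude regexes. The class and method names are hypothetical, and the filter semantics (full match on at least one include, no exclude) are an assumption about how such a filter is applied.

```java
import java.security.Security;
import java.util.*;
import java.util.regex.Pattern;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLParameters;

public class TlsOfferCheck {
    // Protocols this JVM can really offer: supported by JSSE and not
    // listed in the jdk.tls.disabledAlgorithms security property.
    static List<String> usableProtocols(List<String> requested, String[] supported, String disabledProp) {
        Set<String> disabled = new HashSet<>();
        if (disabledProp != null) {
            for (String entry : disabledProp.split(",")) {
                disabled.add(entry.trim().toLowerCase(Locale.ROOT));
            }
        }
        List<String> usable = new ArrayList<>();
        for (String p : requested) {
            if (Arrays.asList(supported).contains(p) && !disabled.contains(p.toLowerCase(Locale.ROOT))) {
                usable.add(p);
            }
        }
        return usable;
    }

    // Assumed filter semantics: keep a suite when it fully matches at
    // least one include regex and no exclude regex.
    static List<String> filterSuites(String[] suites, List<String> include, List<String> exclude) {
        List<String> kept = new ArrayList<>();
        for (String s : suites) {
            boolean in = include.stream().anyMatch(r -> Pattern.matches(r, s));
            boolean out = exclude.stream().anyMatch(r -> Pattern.matches(r, s));
            if (in && !out) kept.add(s);
        }
        return kept;
    }

    public static void main(String[] args) throws Exception {
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, null, null); // JVM default key/trust managers; no network I/O
        SSLParameters supported = ctx.getSupportedSSLParameters();
        String disabledProp = Security.getProperty("jdk.tls.disabledAlgorithms");
        // Protocol list and regexes copied from the question above.
        List<String> protocols = Arrays.asList("TLSv1.2", "TLSv1", "SSLv3");
        List<String> include = Arrays.asList(".*_EXPORT_.*", ".*_EXPORT1024_.*", ".*_WITH_DES_.*", ".*_WITH_NULL_.*");
        List<String> exclude = Arrays.asList(".*_DH_anon_.*");
        System.out.println("disabledAlgorithms : " + disabledProp);
        System.out.println("usable protocols   : " + usableProtocols(protocols, supported.getProtocols(), disabledProp));
        System.out.println("suites after filter: " + filterSuites(supported.getCipherSuites(), include, exclude));
    }
}
```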