4

I use wsimport to generate code from a particular WSDL. I tried Java 10, it failed handshake, then I tried Java 9 and it was okay.

I watched communication using wireshark, and the cause became clear, the server I communicated still uses TLSv1, and I guess Java 10 wsimport no longer tolerate that (not by default at least), although 9 does.

There is nothing I can do with the server, so the question becomes how I can run Java 10 wsimport with TLSv1 tolerance?

Peter Pei Guo
  • 7,770
  • 18
  • 35
  • 54
  • 2
    1. Mostly, [with Java11 there would be no support for `wsimport`](http://openjdk.java.net/jeps/320). 2. This [bug seems to be related to your issue?](https://bugs.java.com/view_bug.do?bug_id=8190917) – Naman Jul 29 '18 at 18:00

1 Answers1

2

More investigation was done, and the most helpful test was done using ssl labs. It turned out that the server supports a weak cipher suite: TLS_RSA_WITH_3DES_EDE_CBC_SHA.

The issue was solved by adding the following java option:

-Dhttps.cipherSuites=SSL_RSA_WITH_3DES_EDE_CBC_SHA

Cannot specify the cipher suite as TLS_RSA_WITH_3DES_EDE_CBC_SHA. Java's naming convention requires it to be called SSL_RSA_WITH_3DES_EDE_CBC_SHA.

Side note: the bug mentioned in @nullpointer's comment above was solved in all three versions I tried: Java 9/10/11.

Community
  • 1
  • 1
Peter Pei Guo
  • 7,770
  • 18
  • 35
  • 54