How to disable SSLv2 socket protocol in axis

Question

I have a problem with consuming a web service using axis.This happen because axis sent a SSLv2 ClientHello and the server that offer the webservice does not support the SSLv2 protocol. To fix this i have to disable this protocol. The code for disable it in Java is :

SocketFactory socketFactory = SSLSocketFactory.getDefault();
SSLSocket socket = (SSLSocket) socketFactory.createSocket(hostname, port);
socket.setEnabledProtocols(new String[] {"SSLv3", "TLSv1"});

I refer to these link. Now, the problem is how can I disable this protocol when I am using axis for consuming the webservice?

That depends on what container you are running in. – BillRobertson42 Feb 03 '12 at 11:54 — BillRobertson42, Feb 03 '12 at 11:54

score 1 · Accepted Answer · edited May 23 '17 at 11:45

1

If you're using Axis 2, you should be able to configure an Apache HttpClient 3.x SecureProtocolSocketFactory (see the Axis 2 documentation on the subject). You should be able to set the enabled protocols in createSocket before returning the socket. (You might also be interested in this question.)

For Axis 1, you should be able to set the axis.socketSecureFactory property to your own class name implementing an Axis SecureSocketFactory and configure the socket in the same way there.

edited May 23 '17 at 11:45

Community

1
1

answered Feb 03 '12 at 12:07

Bruno

119,590
31
270
376

Thank you for the reply.I am using axis 1. I am trying to do the implementation of SecureSocketFactory, but it is not clear for me where i have to put the code that tell to the socket to use the protocols : "SSLv3", "TLSv1" ? I am trying something like this : – edi843 Feb 03 '12 at 12:51
In the `create` method, with returns the socket, before returning your instance of `SSLSocket`, call `setEnabledProtocols` on it. – Bruno Feb 03 '12 at 12:57

score 0 · Answer 2 · edited May 23 '17 at 13:38

For Axis 1:

Create your custom MySocketFactory which extends SecureScoketFatory.

String[] protocols = { "TLSv1" };//provide the list of protocols which you        want to enable
((SSLSocket) sslSocket).setEnabledProtocols(protocols);

Then at your web service client level provide the System property like below.

System.setProperty("axis.socketSecureFactory", "com.custom.MySocketFactory");

How to disable SSLv2 socket protocol in axis

2 Answers2

Linked