Groups | Search | Server Info | Keyboard shortcuts | Login | Register [http] [https] [nntp] [nntps]
Groups > comp.lang.java.programmer > #22425 > unrolled thread
| Started by | nateastle@gmail.com |
|---|---|
| First post | 2013-02-21 11:55 -0800 |
| Last post | 2013-02-28 17:01 -0500 |
| Articles | 4 — 2 participants |
Back to article view | Back to comp.lang.java.programmer
Enable SSLv2Hello in java 1.7 nateastle@gmail.com - 2013-02-21 11:55 -0800
Re: Enable SSLv2Hello in java 1.7 Arne Vajhøj <arne@vajhoej.dk> - 2013-02-24 17:42 -0500
Re: Enable SSLv2Hello in java 1.7 nateastle@gmail.com - 2013-02-28 08:15 -0800
Re: Enable SSLv2Hello in java 1.7 Arne Vajhøj <arne@vajhoej.dk> - 2013-02-28 17:01 -0500
| From | nateastle@gmail.com |
|---|---|
| Date | 2013-02-21 11:55 -0800 |
| Subject | Enable SSLv2Hello in java 1.7 |
| Message-ID | <407b8547-0096-4daf-9e27-ec25259add15@googlegroups.com> |
I am connecting to a soap server and in the request they are sending back a SSLv2Hello. This is a bug in their system but since I cannot control it I have to code around it. I am wondering if anyone has any idea on how to call a HTTPS soap service with TLSv1 and SSLv2Hello enabled?
[toc] | [next] | [standalone]
| From | Arne Vajhøj <arne@vajhoej.dk> |
|---|---|
| Date | 2013-02-24 17:42 -0500 |
| Message-ID | <512a9759$0$281$14726298@news.sunsite.dk> |
| In reply to | #22425 |
On 2/21/2013 2:55 PM, nateastle@gmail.com wrote:
> I am connecting to a soap server and in the request they are sending
> back a SSLv2Hello. This is a bug in their system but since I cannot
> control it I have to code around it. I am wondering if anyone has any
> idea on how to call a HTTPS soap service with TLSv1 and SSLv2Hello
> enabled?
You explained the problem quite a bit better here:
http://www.coderanch.com/t/605513/Web-Services/java/Enable-SSLv-java
:-)
http://stackoverflow.com/questions/13214987/is-it-possibl-to-send-sslv2-hello-messages-from-a-client-using-java-socket
suggests though that the feature was removed in 1.7.
http://docs.oracle.com/javase/7/docs/webnotes/adoptionGuide/index.html
states:
<quote>
SSLv2Hello disabled by default on clients
As of the JDK 7 release, SSLv2Hello is removed from the default-enabled
client protocol list.
</quote>
which seems to indicate that it can be enabled.
Off looking for how to do that.
http://www.oracle.com/technetwork/java/javase/compatibility-417013.html
<quote>
Area: Runtime
Synopsis: The SSLv2Hello Handshake Protocol is Now Disabled by Default
Description: The SSLv2Hello handshake protocol, which was used by SSLv3
server implementations to communicate with older SSLv2 server
implementations that did not understand SSLv3, is now disabled by
default. A side effect of this is that the SSL/TLS extensions are no
longer stripped from the hello message. In most cases, this is not a
problem because an SSL/TLS peer is supposed to ignore any extensions
that it does not understand. However, there may be older server
implementations that experience problems. The system property,
sun.security.ssl.allowUnsafeRenegotiation, can be set to true to restore
previous behavior, but is not recommended.
Nature of Incompatibility: behavioral
</quote>
So try:
System.setProperty("sun.security.ssl.allowUnsafeRenegotiation", "true");
http://www.oracle.com/technetwork/java/javase/documentation/tlsreadme2-176330.html
explains more about the context.
Arne
[toc] | [prev] | [next] | [standalone]
| From | nateastle@gmail.com |
|---|---|
| Date | 2013-02-28 08:15 -0800 |
| Message-ID | <13d29ff2-6914-450d-9d0d-18245fee41ab@googlegroups.com> |
| In reply to | #22425 |
On Thursday, February 21, 2013 12:55:31 PM UTC-7, nate...@gmail.com wrote: > I am connecting to a soap server and in the request they are sending back a SSLv2Hello. This is a bug in their system but since I cannot control it I have to code around it. I am wondering if anyone has any idea on how to call a HTTPS soap service with TLSv1 and SSLv2Hello enabled? Thank you Arne for your reply. I have found a solution to this. I explained a little bit more http://www.coderanch.com/t/605513/Web-Services/java/Enable-SSLv-java#2766243 in the end I used OpenJDK for the runtime as the removal of SSLv2Hello was only in the sun version of the SSLContextImpl Nate
[toc] | [prev] | [next] | [standalone]
| From | Arne Vajhøj <arne@vajhoej.dk> |
|---|---|
| Date | 2013-02-28 17:01 -0500 |
| Message-ID | <512fd3b4$0$289$14726298@news.sunsite.dk> |
| In reply to | #22625 |
On 2/28/2013 11:15 AM, nateastle@gmail.com wrote:
> On Thursday, February 21, 2013 12:55:31 PM UTC-7, nate...@gmail.com wrote:
>> I am connecting to a soap server and in the request they are sending back a SSLv2Hello. This is a bug in their system but since I cannot control it I have to code around it. I am wondering if anyone has any idea on how to call a HTTPS soap service with TLSv1 and SSLv2Hello enabled?
>
> Thank you Arne for your reply. I have found a solution to this. I explained a little bit more
> http://www.coderanch.com/t/605513/Web-Services/java/Enable-SSLv-java#2766243
You did not want to try:
System.setProperty("sun.security.ssl.allowUnsafeRenegotiation", "true");
?
> in the end I used OpenJDK for the runtime as the removal of SSLv2Hello was only in the sun version of the SSLContextImpl
If this is for internal usage only then fine, but if you intend to
distribute the code, then it could be a problem - Oracle Java is way
more widely used than OpenJDK.
Arne
[toc] | [prev] | [standalone]
Back to top | Article view | comp.lang.java.programmer
csiph-web