A third party our application is integrated with has recently made changes in their security level protocols. In short, my Axis client should now send calls using TLSv1.1 or TLSv1.2. I have seen other posts regarding this, with some good ideas:
After making those changes in code, I have triggered the calls again. I have used a snipping tool to monitor the sent package, and I still see in the SSL layer that the protocol being used is TLSv1.
[Image: the packet snippet]
What am I doing wrong here?
This is how I set my new SocketSecureFactory:
    AxisProperties.setProperty("axis.socketSecureFactory", MyTLSSocketSecureFactory.class.getName());

where MyTLSSocketSecureFactory is:

    import java.net.Socket;
    import java.util.Hashtable;
    import javax.net.ssl.SSLSocket;
    import org.apache.axis.components.net.BooleanHolder;
    import org.apache.axis.components.net.JSSESocketFactory;

    public class MyTLSSocketSecureFactory extends JSSESocketFactory {

        public MyTLSSocketSecureFactory(Hashtable attributes) {
            super(attributes);
        }

        @Override
        public Socket create(String host, int port, StringBuffer otherHeaders, BooleanHolder useFullURL)
                throws Exception {
            Socket s = super.create(host, port, otherHeaders, useFullURL);
            // Restrict the socket returned by the parent factory to TLS 1.1 and 1.2.
            ((SSLSocket) s).setEnabledProtocols(new String[] {"TLSv1.1", "TLSv1.2"});
            return s;
        }
    }
Would really appreciate any comments, thanks.
    MultiValueMap<String, String> headers = new LinkedMultiValueMap<String, String>();
    headers.add("Content-Type", MediaType.APPLICATION_JSON_VALUE);
    HttpEntity<Object> entity = new HttpEntity<Object>(requestAsString, headers);
    postForObject = restTemplate.postForObject(url, entity, responseClass);
How to check if TLS 1.2 is enabled? If the registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client\DisabledByDefault is present, the value should be 0.
Transport Layer Security (TLS) is the successor protocol to SSL. TLS is an improved version of SSL. It works in much the same way as SSL, using encryption to protect the transfer of data and information. The two terms are often used interchangeably in the industry, although SSL is still widely used.
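In your MyTLSSocketSecureFactory class, you need to create your own SSLContext instance and then get the sslFactory from the context.
Override the initFactory() method, with something like:

    @Override
    protected void initFactory() throws IOException {
        try {
            SSLContext context = SSLContext.getInstance("TLSv1.2");
            context.init(null, null, null); // default key managers, trust managers and SecureRandom
            sslFactory = context.getSocketFactory();
        } catch (GeneralSecurityException e) {
            throw new IOException("Could not initialise TLSv1.2 context", e);
        }
    }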
You can also just change the default SSLContext:

    SSLContext sslContext = SSLContext.getInstance("TLSv1.2");
    sslContext.init(null, null, null);
    SSLContext.setDefault(sslContext);
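A way to confirm what the JVM will actually allow before reaching for a packet capture, as an added example that is not part of the original posts: it reports which of the required versions the runtime supports and what ends up enabled on a socket built from a TLSv1.2 context. The class name `TlsProtocolCheck` and the `WANTED` list are assumptions made for illustration.

```java
import java.security.Security;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocket;

public class TlsProtocolCheck {
    // Versions the third party accepts, per the question.
    static final String[] WANTED = {"TLSv1.1", "TLSv1.2"};

    // Subset of WANTED that this JVM's TLS provider implements.
    static String[] usable(SSLContext ctx) {
        List<String> supported =
                Arrays.asList(ctx.getSupportedSSLParameters().getProtocols());
        List<String> ok = new ArrayList<String>();
        for (String p : WANTED) {
            if (supported.contains(p)) ok.add(p);
        }
        return ok.toArray(new String[0]);
    }

    public static void main(String[] args) throws Exception {
        System.out.println("java.version: " + System.getProperty("java.version"));
        System.out.println("default context enables: " + Arrays.toString(
                SSLContext.getDefault().getDefaultSSLParameters().getProtocols()));
        // Protocols listed here are refused at handshake time even if enabled below.
        System.out.println("jdk.tls.disabledAlgorithms: "
                + Security.getProperty("jdk.tls.disabledAlgorithms"));

        // Throws NoSuchAlgorithmException on a JVM with no TLS 1.2 support.
        SSLContext ctx = SSLContext.getInstance("TLSv1.2");
        ctx.init(null, null, null);
        String[] protocols = usable(ctx);
        if (protocols.length == 0) {
            throw new IllegalStateException("JVM supports none of " + Arrays.toString(WANTED));
        }

        // Unconnected socket: the settings can be inspected without any traffic.
        SSLSocket s = (SSLSocket) ctx.getSocketFactory().createSocket();
        try {
            s.setEnabledProtocols(protocols);
            System.out.println("enabled on socket: " + Arrays.toString(s.getEnabledProtocols()));
        } finally {
            s.close();
        }
    }
}
```

On a connected socket, `getSession().getProtocol()` returns the negotiated version, which is the value to compare against the capture.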