How to enforce an Axis Client to use TLSv1.2 protocol

Question

A third party our application is integrate with has recently made changes in their security level protocols. In short, My Axis client should now send calls using TLSv1.1 or TLSv1.2. I have seen other posts regarding this, with some good ideas:

1. here
2. here.

After making those changes in code, I have triggered the calls again, I have used a snipping tool to monitor the sent package, and I still see in the SSL layer that the protocol being used is TLSv1.

the packet snippet

what am I doing wrong here?

this is how I set my new SocketSecureFactory:

AxisProperties.setProperty("axis.socketSecureFactory", MyTLSSocketSecureFactory.class.getName());

whereas MyTLSSocketSecureFactory is:

public class MyTLSSocketSecureFactory extends JSSESocketFactory {
    public MyTLSSocketSecureFactory(Hashtable attributes) {
        super(attributes);
    }

    @Override
    public Socket create(String host,int port,   StringBuffer otherHeaders,BooleanHolder useFullURL)
              throws Exception{
        Socket s = super.create(host, port, otherHeaders, useFullURL);
        ((SSLSocket)s).setEnabledProtocols(new String[] {"TLSv1.1", "TLSv1.2"});
        return s;
    }
}

would really appreciate any comments, thanks.

Answer 1

In your MyTLSSocketSecureFactory class, you need create your own SSLContext instance and then get the sslFactory from the context.

Override the initFactory() method, and somethings like:

initFactory() {
  SSLContext context = SSLContext.getInstance("TLSv1.2");
  context.init(null, null, null);
  sslFactory = context.getSocketFactory();
}

Answer 2

You can also just change the default SSLContext

    SSLContext sslContext = SSLContext.getInstance("TLSv1.2");
    sslContext.init(null, null, null);
    SSLContext.setDefault(sslContext);