Forum Discussion

pseudo42xx's avatar
pseudo42xx
15 years ago

Forcing TLSv1 SSL client request

Is there a way to force SOAPUI client requests to use TLSv1 for SSL server connections?

We have an intermediate proxy/gateway system that will not allow SSLv2 or negotiate SSL protocol and my current attempts to pass-thru this device are failing due to an incorrrect SSL version number from the client. The client appears to request via SSLv2 initially.
  • dgiese's avatar
    dgiese
    New Contributor
    15 years ago
    I've got a similar situation. We've got a FIPS 140-2 compliant server that refuses requests from soapUI. The following is from our server log:

    15:29:46,186  INFO [http-0.0.0.0-443-1] STDOUT:156 - http-0.0.0.0-443-1, handling exception: javax.net.ssl.SSLHandshakeException: SSLv2Hello is disabled
    15:29:46,188  INFO [http-0.0.0.0-443-1] STDOUT:156 - http-0.0.0.0-443-1
    15:29:46,188  INFO [http-0.0.0.0-443-1] STDOUT:156 - , SEND TLSv1 ALERT:
    15:29:46,189  INFO [http-0.0.0.0-443-1] STDOUT:156 - fatal,
    15:29:46,189  INFO [http-0.0.0.0-443-1] STDOUT:156 - description = handshake_failure
    15:29:46,189  INFO [http-0.0.0.0-443-1] STDOUT:156 - http-0.0.0.0-443-1, WRITE: TLSv1 Alert, length = 2
    15:29:46,189  INFO [http-0.0.0.0-443-1] STDOUT:156 - [Raw write]: length = 7

    Any advice would be appreciated.
  • dgiese's avatar
    dgiese
    New Contributor
    15 years ago
    Eviware has come through with a solution to this issue. It seems that soapUI does not respect the https.protocols JVM property, but support for an additional property (soapui.https.protocols) has been added to nightly builds since October 14th, 2010. You can grab the latest build here: http://www.eviware.com/nightly-builds/soapui-pro/3.6.1-SNAPSHOT. To disable SSL v2, simply install the latest version of soapUI and add the following line to the .vmoptions file in the bin directory:
    -Dsoapui.https.protocols=SSLv3,TLSv1