How to invalidate SSL Session to avoid SSLHandshakeException
I, too, suffer from the "SSLHandshakeException" problem. We are using soapUI-pro v3.6 (on Mac OS) to access a third-party server that we believe is running a .NET environment. This server does not use certificates, and we have been advised to use SSLv3. I have added these options to my soapui-pro.sh:
-Dsun.security.ssl.allowUnsafeRenegotiation=true -Dsoapui.https.protocol=SSLv3 -Djavax.net.debug=ssl:verbose
After I launch soapUI-pro, my first request to this server usually succeeds. I can then usually submit several more requests in rapid succession, and they will also succeed. (Sometimes, but rarely, one of these requests will return an SSLHandshakeException.)
However, if I wait 5-10 minutes after a successful request before I submit the next request, that new request will always return an SSLHandshakeException.
In the debug=ssl:verbose output from the new request submitted after the 5-10 minute pause, I see this:
%% Client cached [Session-1, SSL_RSA_WITH_3DES_EDE_CBC_SHA]
%% Try resuming [Session-1, SSL_RSA_WITH_3DES_EDE_CBC_SHA] from port 52113
*** ClientHello, SSLv3
Perhaps the server has invalidated the Session during that 5-10 minute interval, and when soapUI tries to resume the previous session a handshake exception results.
How can I force soapUI to invalidate an SSL Session?
Thanks,
FastBill
-Dsun.security.ssl.allowUnsafeRenegotiation=true -Dsoapui.https.protocol=SSLv3 -Djavax.net.debug=ssl:verbose
After I launch soapUI-pro, my first request to this server usually succeeds. I can then usually submit several more requests in rapid succession, and they will also succeed. (Sometimes, but rarely, one of these requests will return an SSLHandshakeException.)
However, if I wait 5-10 minutes after a successful request before I submit the next request, that new request will always return an SSLHandshakeException.
In the debug=ssl:verbose output from the new request submitted after the 5-10 minute pause, I see this:
%% Client cached [Session-1, SSL_RSA_WITH_3DES_EDE_CBC_SHA]
%% Try resuming [Session-1, SSL_RSA_WITH_3DES_EDE_CBC_SHA] from port 52113
*** ClientHello, SSLv3
Perhaps the server has invalidated the Session during that 5-10 minute interval, and when soapUI tries to resume the previous session a handshake exception results.
How can I force soapUI to invalidate an SSL Session?
Thanks,
FastBill