Forum Discussion

pseudo42xx's avatar
14 years ago

Forcing TLSv1 SSL client request

Is there a way to force SOAPUI client requests to use TLSv1 for SSL server connections?

We have an intermediate proxy/gateway system that will not allow SSLv2 or negotiate SSL protocol and my current attempts to pass-thru this device are failing due to an incorrrect SSL version number from the client. The client appears to request via SSLv2 initially.

2 Replies

  • dgiese's avatar
    dgiese
    New Contributor
    I've got a similar situation. We've got a FIPS 140-2 compliant server that refuses requests from soapUI. The following is from our server log:

    15:29:46,186  INFO [http-0.0.0.0-443-1] STDOUT:156 - http-0.0.0.0-443-1, handling exception: javax.net.ssl.SSLHandshakeException: SSLv2Hello is disabled
    15:29:46,188 INFO [http-0.0.0.0-443-1] STDOUT:156 - http-0.0.0.0-443-1
    15:29:46,188 INFO [http-0.0.0.0-443-1] STDOUT:156 - , SEND TLSv1 ALERT:
    15:29:46,189 INFO [http-0.0.0.0-443-1] STDOUT:156 - fatal,
    15:29:46,189 INFO [http-0.0.0.0-443-1] STDOUT:156 - description = handshake_failure
    15:29:46,189 INFO [http-0.0.0.0-443-1] STDOUT:156 - http-0.0.0.0-443-1, WRITE: TLSv1 Alert, length = 2
    15:29:46,189 INFO [http-0.0.0.0-443-1] STDOUT:156 - [Raw write]: length = 7

    Any advice would be appreciated.
  • dgiese's avatar
    dgiese
    New Contributor
    Eviware has come through with a solution to this issue. It seems that soapUI does not respect the https.protocols JVM property, but support for an additional property (soapui.https.protocols) has been added to nightly builds since October 14th, 2010. You can grab the latest build here: http://www.eviware.com/nightly-builds/soapui-pro/3.6.1-SNAPSHOT. To disable SSL v2, simply install the latest version of soapUI and add the following line to the .vmoptions file in the bin directory:
    -Dsoapui.https.protocols=SSLv3,TLSv1