cancel
Showing results for 
Search instead for 
Did you mean: 

How to enable TLS 1.2 in SoapUI

SOLVED
New Member

How to enable TLS 1.2 in SoapUI

I need to connect a webservice which only accept a connection established via TLS 1.2.

 

I added the line -Dsoapui.https.protocols=TLSv1.2 in the file SoapUI-5.0.0.vmoptions and it's not working.

 

Any help on this.

 

Thanks

 

Tags (2)
1 ACCEPTED SOLUTION

Accepted Solutions
Community Hero

Re: How to enable TLS 1.2 in SoapUI

Check this link

 

As per this, you also need to set SSL version as well, something like below

-Dsoapui.https.protocols=SSLv3,TLSv1.2



Regards,
Rao.
33 REPLIES 33
New Contributor

Re: How to enable TLS 1.2 in SoapUI

this is blocking me too! can anyone help?

Community Hero

Re: How to enable TLS 1.2 in SoapUI

Check this link

 

As per this, you also need to set SSL version as well, something like below

-Dsoapui.https.protocols=SSLv3,TLSv1.2



Regards,
Rao.
New Member

Re: How to enable TLS 1.2 in SoapUI

SSLv3 is dead thanks to POODLE. Is there a way to restrice SoapUI from using SSL and always use TLS? 

 

setting up -Dsoapui.https.protocols=TLSv1.2 does not seem to prevent SSL connections

Occasional Contributor

Re: How to enable TLS 1.2 in SoapUI

I have also verified that this configuration does not provide TLS only communications. Thank you.

Occasional Contributor

Re: How to enable TLS 1.2 in SoapUI

I am working directly with SmartBear support on this question and they are providing valuable insight.

My first observation is that the SOAPUI/Ready! API application does not provide control of the Cipher string at the request level. The Cipher string is set globally during startup.

Second: The SOAPUI/Ready! API application provides support for ciphers based on OpenSSL. The cipher suite names may be found on the OpenSSL support site. http://www.openssl.org/docs/apps/ciphers.html

Third: SOAPUI/Ready! API application provides us with several methods of starting the application. The Windows start menu, command line execution and batch files are all available. The Windows start menu startup used the SoapUI-5.1.3.vmoptions/ReadyAPI-1.3.0.vmoptions file. The batch file startup use soapui.bat/ready-api.bat. This design provides us with the ability to create multiple configurations via the use of numerous iterations of these configuration/startup files.

Fourth: The JVM option -Dsoapui.https.protocols provides management of the SSL protocol list. This option controls which SSL protocols are available when negiating the initial HTTPS connection between the client and the server.

Fifth: The JVM option -Dsoapui.https.ciphers directs the SOAPUI/Ready! API application to use the OpenSSL cipher string when sending the request to the server.

Sixth: The JAVA JRE which is included with the SOAPUI/Ready! API application does not include the "unlimited" version of the JCE; JAVA Cryptography Extensions. You will need to acquire the current version of the JCE from Oracle to expand the list of potential cipher strings to include all possibilites. Information related to the JAVA JCE may be found at this URL. http://www.oracle.com/technetwork/java/javase/overview/index.html

 

Summary: Addition of the following JVM options to the appropriate configuration file will provide you with the ability to control the cipher string and SSL protocol used by the SOAPUI/Ready! API application.

 

-Dsoapui.https.protocols=<TLSv1.2, TLSv1, SSLv3>
-Dsoapui.https.ciphers=<cipher suite name>

Occasional Contributor

Re: How to enable TLS 1.2 in SoapUI

Additional notes to clarify these settings.

  • When selecting the protocol and cipher options you will need to select valid combinations. There isn't any pre-processing of the protocol and cipher options which would let you know in advance whether you have an invalid combination. I use the http://www.openssl.org/docs/apps/ciphers.html#CIPHER-SUITE-NAMES section to determine the correct combination.
  • The correct syntax for the <cipher suite name> is the represented by the left hand column of the Cipher Suite Names table. The example below represents a TLSv1.2 protocol cipher for AES256-SHA256.

    -Dsoapui.https.ciphers=TLS_RSA_WITH_AES_256_CBC_SHA256
Regular Visitor

Re: How to enable TLS 1.2 in SoapUI

I ran into same issues with enabling TLS 1.2 in SoapUI, and adding those parameters helped. But it's only for desktop version. Does anyone knows how to enable TLS 1.2 in SoapUI maven plugin?

 

Community Hero

Re: How to enable TLS 1.2 in SoapUI

Not really aware of maven. But there should be a way to pass system properties or using JAVA_OPTS


Regards,
Rao.
Occasional Visitor

Re: How to enable TLS 1.2 in SoapUI

Just a follow up question for novices like me... where will I put '-Dsoapui.https.protocols=SSLv3,TLSv1.2'.

 

I am pretty new to SoapUI and I have no idea where to put this.

 

Hope somebody can help me how Smiley Happy

New Here?
Join us and watch the welcome video:
6 / 7 API Testing Mistakes Video
Top Kudoed Authors
Top Kudoed Posts