How to enforce an Axis Client to use TLSv1.2 protocol

Question 1

How to enforce an Axis Client to use TLSv1.2 protocol

ssl axis webservices-client tls1.2

mesh · Dec 9, 2015 · Viewed 15.2k times · Source

Answer

Answer

In your MyTLSSocketSecureFactory class, you need create your own SSLContext instance and then get the sslFactory from the context.

Override the initFactory() method, and somethings like:

initFactory() {
  SSLContext context = SSLContext.getInstance("TLSv1.2");
  context.init(null, null, null);
  sslFactory = context.getSocketFactory();
}

Question 2

A third party our application is integrate with has recently made changes in their security level protocols. In short, My Axis client should now send calls using TLSv1.1 or TLSv1.2. I have seen other posts regarding this, with some good ideas:

here
here.

After making those changes in code, I have triggered the calls again, I have used a snipping tool to monitor the sent package, and I still see in the SSL layer that the protocol being used is TLSv1.

the packet snippet

what am I doing wrong here?

this is how I set my new SocketSecureFactory:

AxisProperties.setProperty("axis.socketSecureFactory", MyTLSSocketSecureFactory.class.getName());

whereas MyTLSSocketSecureFactory is:

public class MyTLSSocketSecureFactory extends JSSESocketFactory {
    public MyTLSSocketSecureFactory(Hashtable attributes) {
        super(attributes);
    }

    @Override
    public Socket create(String host,int port,   StringBuffer otherHeaders,BooleanHolder useFullURL)
              throws Exception{
        Socket s = super.create(host, port, otherHeaders, useFullURL);
        ((SSLSocket)s).setEnabledProtocols(new String[] {"TLSv1.1", "TLSv1.2"});
        return s;
    }
}

would really appreciate any comments, thanks.

How to enforce an Axis Client to use TLSv1.2 protocol

Answer

Related questions