Re: Enable SSLv2Hello in java 1.7
On 2/21/2013 2:55 PM, nateastle@gmail.com wrote:
> I am connecting to a soap server and in the request they are sending
> back an SSLv2Hello. This is a bug in their system but since I cannot
> control it I have to code around it. I am wondering if anyone has any
> idea on how to call a HTTPS soap service with TLSv1 and SSLv2Hello
> enabled?
You explained the problem quite a bit better here:
http://www.coderanch.com/t/605513/Web-Services/java/Enable-SSLv-java
:-)
http://stackoverflow.com/questions/13214987/is-it-possibl-to-send-sslv2-hello-messages-from-a-client-using-java-socket
suggests though that the feature was removed in 1.7.
http://docs.oracle.com/javase/7/docs/webnotes/adoptionGuide/index.html
states:
<quote>
SSLv2Hello disabled by default on clients
As of the JDK 7 release, SSLv2Hello is removed from the default-enabled
client protocol list.
</quote>
which seems to indicate that it can be enabled.
Off looking for how to do that.
http://www.oracle.com/technetwork/java/javase/compatibility-417013.html
<quote>
Area: Runtime
Synopsis: The SSLv2Hello Handshake Protocol is Now Disabled by Default
Description: The SSLv2Hello handshake protocol, which was used by SSLv3
server implementations to communicate with older SSLv2 server
implementations that did not understand SSLv3, is now disabled by
default. A side effect of this is that the SSL/TLS extensions are no
longer stripped from the hello message. In most cases, this is not a
problem because an SSL/TLS peer is supposed to ignore any extensions
that it does not understand. However, there may be older server
implementations that experience problems. The system property,
sun.security.ssl.allowUnsafeRenegotiation, can be set to true to restore
previous behavior, but is not recommended.
Nature of Incompatibility: behavioral
</quote>
So try:
System.setProperty("sun.security.ssl.allowUnsafeRenegotiation", "true");
http://www.oracle.com/technetwork/java/javase/documentation/tlsreadme2-176330.html
explains more about the context.
Arne