A third party our application is integrate with has recently made changes in their security level protocols. In short, My Axis client should now send calls using TLSv1.1 or TLSv1.2. I have seen other posts regarding this, with some good ideas:
After making those changes in code, I have triggered the calls again, I have used a snipping tool to monitor the sent package, and I still see in the SSL layer that the protocol being used is TLSv1.
what am I doing wrong here?
this is how I set my new SocketSecureFactory:
AxisProperties.setProperty("axis.socketSecureFactory", MyTLSSocketSecureFactory.class.getName());
whereas MyTLSSocketSecureFactory is:
public class MyTLSSocketSecureFactory extends JSSESocketFactory {
public MyTLSSocketSecureFactory(Hashtable attributes) {
super(attributes);
}
@Override
public Socket create(String host,int port, StringBuffer otherHeaders,BooleanHolder useFullURL)
throws Exception{
Socket s = super.create(host, port, otherHeaders, useFullURL);
((SSLSocket)s).setEnabledProtocols(new String[] {"TLSv1.1", "TLSv1.2"});
return s;
}
}
would really appreciate any comments, thanks.
In your MyTLSSocketSecureFactory class, you need create your own SSLContext instance and then get the sslFactory from the context.
Override the initFactory() method, and somethings like:
initFactory() {
SSLContext context = SSLContext.getInstance("TLSv1.2");
context.init(null, null, null);
sslFactory = context.getSocketFactory();
}
You can also just change the default SSLContext
SSLContext sslContext = SSLContext.getInstance("TLSv1.2");
sslContext.init(null, null, null);
SSLContext.setDefault(sslContext);
See also https://github.com/unkascrack/axis-ssl they introduce a SSLClientAxisEngineConfig EngineConfiguration implementation to enable TLS.
来源:https://stackoverflow.com/questions/34180289/how-to-enforce-an-axis-client-to-use-tlsv1-2-protocol