Igor's Blog
Programming, DIY, Games, Hacks, and Tech

Back in 2014 I've written an article about addressing the SSLHandshakeException in SoapUI. Technology has moved on since then so that approach no longer works and shouldn't be used. If you're getting this exception being thrown when trying to call a web service hosted in WebLogic 12.2 (running on Java 8) use this approach instead.

This is what SoapUI reports, it's the same error as back in 2014 essentially, however the root cause is quite different.
soapui_sslerr1.png


As per Java 8 SDK Cryptography Architecture documentation...
Starting with JDK 8u31, the SSLv3 protocol (Secure Socket Layer) has been deactivated and is not available by default.


The above is due to the POODLE vulnerability. This setting is confirmed by looking at $JAVA_HOME/jre/lib/security/java.security file -
 $JAVA_HOME/jre/lib/security/java.security
jdk.tls.disabledAlgorithms=SSLv3, RC4, MD5withRSA, DH keySize < 768, \
EC keySize < 224




Great, so SSLv3 is disabled.

Now according to WebLogic 12.2 documentation...
Not setting the weblogic.security.SSL.protocolVersion system property enables the SSLv3Hello, SSLv3, and TLSv1 protocols. In addition, for JSSE, all versions starting with "TLS" are also enabled.


However since the JDK specifically disables SSLv3, the above options are not available. The solution is to use TLSv1.1 or better TLSv1.2 when connecting. This is done by adding the line below to the vmoptions.txt file in SoapUI (/Applications/SoapUI-5.3.0.app/Contents/vmoptions.txt).
 vmoptions.txt
-Dsoapui.https.protocols=TLSv1.2


I've tried and confirmed that the TLSv1 setting also doesn't work (presumably since it is also affected by POODLE). However, TLSv1.1 does work, as does the TLSv1.2.

-i

Please leave your comments or feedback below!
comments powered by Disqus
Other posts you may like...

Recent Blog Posts

How to enable the full stack trace in Maven's Surefire plugin for JUnit testing

Twelve elements of the Burst Mining Pool interface explained

TPG FTTB settings for the Billion BiPAC 8700AXL 1600 modem router

Protecting old Atari Lynx game boxes with snug fit plastic sleeves

How to fix SoapUI javax.net.ssl.SSLHandshakeException calling WebLogic 12.2 web services on Java 8

Woolworths (WOW) shares disappeared from Computer Share Investor Centre

Connecting the Dell UltraSharp U3415W monitor to a MacBookPro via USB-C

How to add/change PHP versions appearing in MAMP preferences

Fix the ORA-00904: ORA_ROWSCN: invalid identifier error in SQLDeveloper with a few easy steps

G Suite Gmail is broken on Safari due to new Google Content Security Policy settings

Recent Galleries

Protecting old Atari Lynx game boxes with snug fit plastic sleeves

Monument Valley 2 is released and does not disappoint

Space Food - Chocolate Ice Cream with Chocolate Chips

Legeod Star Wars AT-DP kit

DIY spare parts computer build with a RAIDMAX Anura case

Fake 'Lepin' brand Lego packaging

Hardwood garden bench with clear resin void filler

Fixing a 3D printer extruder that stopped heating up

Easily increase disk space in a Lenovo Ideapad 100S 14" laptop with an M.2 SSD

Making a multi-piece 3D printed solder spool holder stand

My Other Web Sites

Igor and Elise's Travels
Riverside Expressway Cam
300 George St Blogumentary

My Online Tools

UUID to OID Converter
Guru JSON-RPC Tester
Extrudifier Object Designer
Travel ┬ÁBlog

Blogs and Friends

Matt Moores Blog
Georgi's FlatPress Guide
Perplexing Permutations
The Security Sleuth
Ilia Rogatchevski
Travelling Fairy

Blog Activity

Blog Activity
Don't forget to
my Facebook page for more great articles!
Don't show this again