Igor Kromin |   Consultant. Coder. Blogger. Tinkerer. Gamer.

Back in 2014 I've written an article about addressing the SSLHandshakeException in SoapUI. Technology has moved on since then so that approach no longer works and shouldn't be used. If you're getting this exception being thrown when trying to call a web service hosted in WebLogic 12.2 (running on Java 8) use this approach instead.

This is what SoapUI reports, it's the same error as back in 2014 essentially, however the root cause is quite different.
soapui_sslerr1.png


As per Java 8 SDK Cryptography Architecture documentation...
Starting with JDK 8u31, the SSLv3 protocol (Secure Socket Layer) has been deactivated and is not available by default.


The above is due to the POODLE vulnerability. This setting is confirmed by looking at $JAVA_HOME/jre/lib/security/java.security file -
 $JAVA_HOME/jre/lib/security/java.security
jdk.tls.disabledAlgorithms=SSLv3, RC4, MD5withRSA, DH keySize < 768, \
EC keySize < 224




Great, so SSLv3 is disabled.

Now according to WebLogic 12.2 documentation...
Not setting the weblogic.security.SSL.protocolVersion system property enables the SSLv3Hello, SSLv3, and TLSv1 protocols. In addition, for JSSE, all versions starting with "TLS" are also enabled.


However since the JDK specifically disables SSLv3, the above options are not available. The solution is to use TLSv1.1 or better TLSv1.2 when connecting. This is done by adding the line below to the vmoptions.txt file in SoapUI (/Applications/SoapUI-5.3.0.app/Contents/vmoptions.txt).
 vmoptions.txt
-Dsoapui.https.protocols=TLSv1.2


I've tried and confirmed that the TLSv1 setting also doesn't work (presumably since it is also affected by POODLE). However, TLSv1.1 does work, as does the TLSv1.2.

-i

Please leave your comments or feedback below!
comments powered by Disqus
Other posts you may like...
Hi! You can search my blog here ⤵
Or browse the recent top tags...

Recent Blog Posts

How to stop macOS adding shadows to window screenshots

How to run Atari Lynx games on the SNES Classic Mini

Maven dependency scopes with relation to WAR file packaging and the WEB-INF/lib directory

Hacking the Sonoff B1 WiFi LED bulb to run custom firmware

What does an idle WebLogic server run on the hour to cause a CPU spike

How to open the Sonoff B1 wifi LED bulb to access its internal circuitry

Australian release SNES mini classic unboxing and a quick play through

Troubleshooting high CPU usage for JVM threads

How to fix WebLogic high CPU usage due to a corrupted file store

Mini review of the Sonoff B1 WiFi light bulb

Recent Galleries

Atari Lynx repair - Part 5 - McWill LED screen mod installation

Atari Lynx repair - Part 4 - screen cover replacement

Atari Lynx repair - Part 2 - re-capping the motherboard

Atari Lynx repair - Part 3 - broken speaker replacement

Atari Lynx repair - Part 1 - introduction and case disassembly

Building a custom Atari Lynx game box storage shelf unit in a day

Protecting old Atari Lynx game boxes with snug fit plastic sleeves

Monument Valley 2 is released and does not disappoint

Space Food - Chocolate Ice Cream with Chocolate Chips

Legeod Star Wars AT-DP kit

Blogs and Friends

Matt Moores Blog
Georgi's FlatPress Guide
Perplexing Permutations
The Security Sleuth
Ilia Rogatchevski
Travelling Fairy

Blog Activity

Blog Activity