Enable SSLv2Hello in java 1.7


nate...@gmail.com

Feb 21, 2013, 2:55:31 PM
I am connecting to a SOAP server and in the request they are sending back an SSLv2Hello. This is a bug in their system, but since I cannot control it I have to code around it. I am wondering if anyone has any idea on how to call an HTTPS SOAP service with TLSv1 and SSLv2Hello enabled?

Arne Vajhøj

Feb 24, 2013, 5:42:32 PM
You explained the problem quite a bit better here:

http://www.coderanch.com/t/605513/Web-Services/java/Enable-SSLv-java

:-)

http://stackoverflow.com/questions/13214987/is-it-possibl-to-send-sslv2-hello-messages-from-a-client-using-java-socket

suggests though that the feature was removed in 1.7.

http://docs.oracle.com/javase/7/docs/webnotes/adoptionGuide/index.html

states:

<quote>
SSLv2Hello disabled by default on clients

As of the JDK 7 release, SSLv2Hello is removed from the default-enabled
client protocol list.
</quote>

which seems to indicate that it can be enabled.

Off looking for how to do that.

http://www.oracle.com/technetwork/java/javase/compatibility-417013.html

<quote>
Area: Runtime
Synopsis: The SSLv2Hello Handshake Protocol is Now Disabled by Default
Description: The SSLv2Hello handshake protocol, which was used by SSLv3
server implementations to communicate with older SSLv2 server
implementations that did not understand SSLv3, is now disabled by
default. A side effect of this is that the SSL/TLS extensions are no
longer stripped from the hello message. In most cases, this is not a
problem because an SSL/TLS peer is supposed to ignore any extensions
that it does not understand. However, there may be older server
implementations that experience problems. The system property,
sun.security.ssl.allowUnsafeRenegotiation, can be set to true to restore
previous behavior, but is not recommended.
Nature of Incompatibility: behavioral
</quote>

So try:

System.setProperty("sun.security.ssl.allowUnsafeRenegotiation", "true");

http://www.oracle.com/technetwork/java/javase/documentation/tlsreadme2-176330.html

explains more about the context.

Arne





nate...@gmail.com

Feb 28, 2013, 11:15:55 AM
On Thursday, February 21, 2013 12:55:31 PM UTC-7, nate...@gmail.com wrote:
> I am connecting to a SOAP server and in the request they are sending back an SSLv2Hello. This is a bug in their system, but since I cannot control it I have to code around it. I am wondering if anyone has any idea on how to call an HTTPS SOAP service with TLSv1 and SSLv2Hello enabled?

Thank you, Arne, for your reply. I have found a solution to this. I explained a little bit more at
http://www.coderanch.com/t/605513/Web-Services/java/Enable-SSLv-java#2766243

In the end I used OpenJDK for the runtime, as the removal of SSLv2Hello was only in the Sun version of the SSLContextImpl.

Nate

Arne Vajhøj

Feb 28, 2013, 5:01:23 PM
On 2/28/2013 11:15 AM, nate...@gmail.com wrote:
> On Thursday, February 21, 2013 12:55:31 PM UTC-7, nate...@gmail.com wrote:
>> I am connecting to a SOAP server and in the request they are sending back an SSLv2Hello. This is a bug in their system, but since I cannot control it I have to code around it. I am wondering if anyone has any idea on how to call an HTTPS SOAP service with TLSv1 and SSLv2Hello enabled?
>
> Thank you Arne for your reply. I have found a solution to this. I explained a little bit more
> http://www.coderanch.com/t/605513/Web-Services/java/Enable-SSLv-java#2766243

You did not want to try:

System.setProperty("sun.security.ssl.allowUnsafeRenegotiation", "true");

?

> In the end I used OpenJDK for the runtime, as the removal of SSLv2Hello was only in the Sun version of the SSLContextImpl.

If this is for internal usage only then fine, but if you intend to
distribute the code, then it could be a problem - Oracle Java is way
more widely used than OpenJDK.

Arne