Hi Vjacheslav,
Thanks for your reply. We are deploying a web service client on WebLogic.
So unfortunately idedtea won't help in our case as I believe it's a browser
plugin.
I am looking for info on configuring or accessing the SSLContext in CXF
2.7.6.
David
-----Original Message-----
From: Vjacheslav V. Borisov [mailto:[email protected]]
Sent: Friday, October 24, 2014 1:22 AM
To: [email protected]
Subject: Re: How to Disable SSLv2 client hello in CXF?
2014-10-24 0:57 GMT+04:00 David Roytenberg (Consultant) <
[email protected]>:
> I'm having an SSL problem and I wonder if there is a way to fix it
> within CXF
>
> We have our CXF 2.7.6 based integration deployed on Weblogic 11. We
> are using JDK 1.7_065
>
> When we connect to our remote client via SSL we get the following
> trace with lots of SSL debugging turned on
>
> What appears to be happening is that the Hello message is sent with an
> SSLV2 protocol, which our partner's server does not like. Apparently
> sending the Hello at this level is a common behavior and apparently it
> sometimes causes the remote server to fail. I found a suggestion on
> line that this can be fixed by removing the SSLv2 from the allowed
> protocols. I am wondering if I can do that through CFX configuration?
>
> This is a reference to the article that suggests that removing the
> protocol is the solution to this problem:
>
>
>
>
We are using icedtea and solved handshake_failure issue by upgrading icedtea
from 7.2.3.3 to 7.2.4.7 you can try upgading your jdk too or experement with
enabling some subset of Cipher Suites, eg TLS_RSA_WITH_AES_128_CBC_SHA or some
others
--
WARNING
-------
This electronic message and its attachments may contain confidential,
proprietary or legally privileged information, which is solely for the use of
the intended recipient. No privilege or other rights are waived by any
unintended transmission or unauthorized retransmission of this message. If you
are not the intended recipient of this message, or if you have received it in
error, you should immediately stop reading this message and delete it and all
attachments from your system. The reading, distribution, copying or other use
of this message or its attachments by unintended recipients is unauthorized and
may be unlawful. If you have received this e-mail in error, please notify the
sender.
AVIS IMPORTANT
--------------
Ce message électronique et ses pièces jointes peuvent contenir des
renseignements confidentiels, exclusifs ou légalement privilégiés destinés au
seul usage du destinataire visé. L’expéditeur original ne renonce à aucun
privilège ou à aucun autre droit si le présent message a été transmis
involontairement ou s’il est retransmis sans son autorisation. Si vous n’êtes
pas le destinataire visé du présent message ou si vous l’avez reçu par erreur,
veuillez cesser immédiatement de le lire et le supprimer, ainsi que toutes ses
pièces jointes, de votre système. La lecture, la distribution, la copie ou
tout autre usage du présent message ou de ses pièces jointes par des personnes
autres que le destinataire visé ne sont pas autorisés et pourraient être
illégaux. Si vous avez reçu ce courrier électronique par erreur, veuillez en
aviser l’expéditeur.
