CODEWITHSUNDEEP
javaspringhttpsssl-certificatewebsphere-8
chaitunakka
chaitunakka

Reputation: 11

Getting java.lang.IllegalArgumentException: Only SSLv3 was enabled - com.ibm.jsse2.disableSSLv3 set to TRUE

Trying to consume soap webservice i.e. of 'https://' type. setting below system properties in my AppConfig.java.

@PostConstruct

public void init(){

Security.setProperty("ssl.SocketFactory.provider",
            "com.ibm.jsse2.SSLSocketFactoryImpl");
    Security.setProperty("ssl.ServerSocketFactory.provider",
            "com.ibm.jsse2.SSLServerSocketFactoryImpl");
    System.setProperty("java.protocol.handler.pkgs",
            "com.ibm.net.ssl.internal.www.protocol");

    try {
        if(trustStore!= null){
            File certFile = new File(trustStore);
            if(certFile.exists()){
                System.setProperty("https.protocols", "SSLv3");
                System.setProperty("javax.net.ssl.trustStore", trustStore);
                System.setProperty("javax.net.ssl.trustStorePassword",trustStorePassword);

                System.setProperty("javax.net.ssl.keyStore", trustStore);
                System.setProperty("javax.net.ssl.keyStorePassword",trustStorePassword);
                String trustStoreType = "JKS";
                System.setProperty("javax.net.ssl.trustStoreType",trustStoreType);
                System.setProperty("javax.net.debug", "SSL");
                printSysProps();
            }}catch(Exception e){...}

Please help me to resolve this issue.

Upvotes: 1

Views: 3767

Answers (2)

Mike Belme
Mike Belme

Reputation: 11

This error is coming back because later releases of Java have the SSLv3 protocol disabled by default. So when you try to set and use the SSLv3 protocol in your code it complains because it is disabled.

SSLv3 is no longer considered secure, so really it should not be used. If the server you are trying to communicate with supports newer more secure TLS protocols, I would suggest trying those.

I would not enable SSLv3 on your Java install, as the other comment suggested you could do, unless you absolutely need to.

Upvotes: 1

Ze Rui
Ze Rui

Reputation: 1

You may try to set system property as shown below:

System.setProperty("com.ibm.jsse2.disableSSLv3", "false");

Upvotes: 0

Related Questions