How to disable SSLv2 socket protocol in axis

Question

I have a problem with consuming a web service using axis.This happen because axis sent a SSLv2 ClientHello and the server that offer the webservice does not support the SSLv2 protocol. To fix this i have to disable this protocol. The code for disable it in Java is :

SocketFactory socketFactory = SSLSocketFactory.getDefault();
SSLSocket socket = (SSLSocket) socketFactory.createSocket(hostname, port);
socket.setEnabledProtocols(new String[] {"SSLv3", "TLSv1"});

I refer to these link. Now, the problem is how can I disable this protocol when I am using axis for consuming the webservice?

Answer 1

For Axis 1:

1. Create your custom MySocketFactory which extends SecureScoketFatory.

   String[] protocols = { "TLSv1" };//provide the list of protocols which you        want to enable
   ((SSLSocket) sslSocket).setEnabledProtocols(protocols);
   

2. Then at your web service client level provide the System property like below.

   System.setProperty("axis.socketSecureFactory", "com.custom.MySocketFactory");
   

Answer 2

If you're using Axis 2, you should be able to configure an Apache HttpClient 3.x SecureProtocolSocketFactory (see the Axis 2 documentation on the subject). You should be able to set the enabled protocols in createSocket before returning the socket. (You might also be interested in this question.)

For Axis 1, you should be able to set the axis.socketSecureFactory property to your own class name implementing an Axis SecureSocketFactory and configure the socket in the same way there.