Friday, 12 June 2015

Transport Layer Security (TLS) 1.2 and SoapUI

We hit an interesting glitch yesterday, whilst trying to test IBM Business Monitor using the SoapUI tool ( http://www.soapui.org/ ).

Having configured IBM HTTP Server (IHS), in front of Monitor, to only support Transport Layer Security (TLS) 1.2, via this directive in httpd.conf : -

SSLProtocolDisable SSLv3 SSLv2 TLSv10 TLSv11

we then saw

handshake_failure

when trying to connect to the Business Monitor REST emitter, which is fronted by IHS and the WebSphere Plugin.

Having confirmed that we could happily access the REST URL, via HTTPS, using Firefox, we realised that the issue was with SoapUI.

A few Google searches later, we found this: -


...
The following parameter must be added to the soapUI vmoptions file:

-Dsoapui.https.protocols=TLSv1.2
...

A spot of trial and some error later, we found that this is the file to which the article refers: -

SoapUI-5.0.0.vmoptions

*BUT* that we needed to start the client using the .EXE file: -

SoapUI-5.0.0.exe

rather than the supplied batch file ( which appears to ignore the .vmoptions file ).

Once we made this change, and started the tool, it all worked.

No comments: