Support Article

SOAP Calls not working after updating TLS configuration settings




User SOAP Connect is configured for TLS 1.2 communicating with a Windows 2003 server, where the service is hosted and is set up for TLS 1.0. This SOAP worked for past 10 months and suddenly stopped working. The user only modified the timeouts across the system. The user has another SOAP service with the same setup, but is not impacted (e.g. TLS 1.2 communicating with a Windows 2003 Server configured at TLS 1.0).

The user want to know from Pega about why even though you had TLS1.2 chosen in the SOAP Connector, why the default value of TLS1.0 was being used. 

Error Messages

Caused by: Server chose TLSv1, but that protocol version is not enabled or not supported

Steps to Reproduce

Invoke SOAP call

Root Cause

A defect or configuration issue in the operating environment


The article below resolved the issue:

The local change to override the invokeaxis2 and commenting out step 8 line

"client.getOptions().setProperty(com.pega.apache.axis2.transport.http.HTTPConstants.CUSTOM_PROTOCOL_HANDLER, authhttps);"

Means we are bypassing the connector level configuration and let the JDK to handle TLS negotiation as per it's setting.

When we don't have the local change in place, the purpose of setting the connector rule level SSL/TLS setting is to specify the lowest allowable protocol version. That lowest version and anything above will be supported during handshake.

Published October 26, 2016 - Updated November 3, 2016

Have a question? Get answers now.

Visit the Collaboration Center to ask questions, engage in discussions, share ideas, and help others.