Support Article

SOAP Calls not working after updating TLS configuration settings

SA-29635

Summary


 

The user's SOAP connector is configured for TLS 1.2 and communicates with a service hosted on a Windows 2003 server that is set up for TLS 1.0. This SOAP call worked for the past 10 months and suddenly stopped working. The user only modified the timeouts across the system. The user has another SOAP service with the same setup (TLS 1.2 communicating with a Windows 2003 server configured for TLS 1.0) that is not impacted.

The user wants to know from Pega why, even though TLS 1.2 was chosen in the SOAP Connector, the default value of TLS 1.0 was being used.


Error Messages



Caused by: javax.net.ssl.SSLHandshakeException: Server chose TLSv1, but that protocol version is not enabled or not supported


Steps to Reproduce



Invoke SOAP call


Root Cause



A defect or configuration issue in the operating environment

Resolution



The article below resolved the issue:
https://pdn.pega.com/support-articles/connect-soap-fails-ssltls-handshake-wrong-version


The local change overrides invokeaxis2 and comments out the following line in step 8:

"client.getOptions().setProperty(com.pega.apache.axis2.transport.http.HTTPConstants.CUSTOM_PROTOCOL_HANDLER, authhttps);"

This means the connector-level configuration is bypassed and the JDK handles TLS negotiation according to its own settings.

When we don't have the local change in place, the purpose of setting the connector rule level SSL/TLS setting is to specify the lowest allowable protocol version. That lowest version and anything above will be supported during handshake.
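The "lowest allowable version" behaviour described above can be checked against a given JDK with the following added example (not Pega's code and not part of the original article). The class name `MinTlsVersionDemo`, the helper `atOrAbove`, the floor value and the server's choice are assumptions constructed for illustration; only standard JSSE calls are used.

```java
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLParameters;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;

public class MinTlsVersionDemo {
    // Protocol names as JSSE spells them, oldest first.
    private static final List<String> ORDER =
            Arrays.asList("SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3");

    /** Returns the supported protocols that are at or above the given floor. */
    static String[] atOrAbove(String floor, String[] supported) {
        int min = ORDER.indexOf(floor);
        if (min < 0) throw new IllegalArgumentException("unknown protocol: " + floor);
        List<String> out = new ArrayList<>();
        for (String p : supported) {
            // Names outside ORDER (e.g. SSLv2Hello) get index -1 and are dropped.
            if (ORDER.indexOf(p) >= min) out.add(p);
        }
        return out.toArray(new String[0]);
    }

    public static void main(String[] args) throws Exception {
        SSLContext ctx = SSLContext.getDefault();
        String[] supported = ctx.getSupportedSSLParameters().getProtocols();
        String[] jdkDefault = ctx.getDefaultSSLParameters().getProtocols();

        String floor = "TLSv1.2";       // assumed connector-level setting
        String serverChoice = "TLSv1";  // constructed: what the legacy endpoint selects
        String[] enabled = atOrAbove(floor, supported);

        // These parameters would be applied to a socket or engine with setSSLParameters().
        SSLParameters params = ctx.getDefaultSSLParameters();
        params.setProtocols(enabled);

        System.out.println("JDK default protocols    : " + Arrays.toString(jdkDefault));
        System.out.println("Enabled with floor " + floor + ": "
                + Arrays.toString(params.getProtocols()));
        // false here corresponds to the SSLHandshakeException quoted in this article.
        System.out.println("Server choice accepted (floor)       : "
                + Arrays.asList(enabled).contains(serverChoice));
        System.out.println("Server choice accepted (JDK defaults): "
                + Arrays.asList(jdkDefault).contains(serverChoice));
    }
}
```

Whether the JDK defaults still include TLSv1 depends on the JDK version and its `jdk.tls.disabledAlgorithms` security property, so the last line differs between environments.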

Published October 26, 2016 - Updated November 3, 2016
