SOAP Calls not working after updating TLS configuration settings
The user's SOAP Connect is configured for TLS 1.2 and communicates with a Windows 2003 server, where the service is hosted and which is set up for TLS 1.0. This SOAP call worked for the past 10 months and suddenly stopped working. The user only modified the timeouts across the system. The user has another SOAP service with the same setup (e.g. TLS 1.2 communicating with a Windows 2003 Server configured at TLS 1.0) that is not impacted.
The user wants to know from Pega why, even though TLS 1.2 was chosen in the SOAP Connector, the default value of TLS 1.0 was being used.
Error Messages
Caused by: javax.net.ssl.SSLHandshakeException: Server chose TLSv1, but that protocol version is not enabled or not supported
Steps to Reproduce
Invoke SOAP call
Root Cause
A defect or configuration issue in the operating environment
Resolution
The article below resolved the issue:
The local change (overriding invokeaxis2 and commenting out the step 8 line) means that we bypass the connector-level configuration and let the JDK handle TLS negotiation as per its setting.
When the local change is not in place, the purpose of the connector-rule-level SSL/TLS setting is to specify the lowest allowable protocol version. That lowest version and anything above it will be supported during the handshake.
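The "lowest allowable version" rule described above can be checked against a given JDK with the following added example, which is not Pega's code and does not reproduce the connector's internals. The class name `TlsFloorCheck` and the helper `enabledFor` are hypothetical; the default arguments mirror the TLS 1.2 setting and the `TLSv1` named in the exception on this page.

```java
import java.security.Security;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;

public class TlsFloorCheck {
    // JSSE protocol names, oldest first. SSLv3 and SSLv2Hello are left out on purpose.
    static final List<String> ORDER = Arrays.asList("TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3");

    // "Lowest allowable version" rule: keep the floor and every newer version in 'supported'.
    static String[] enabledFor(String floor, String[] supported) {
        int min = ORDER.indexOf(floor);
        if (min < 0) throw new IllegalArgumentException("unknown protocol: " + floor);
        List<String> keep = new ArrayList<>();
        for (String p : supported) {
            if (ORDER.indexOf(p) >= min) keep.add(p);
        }
        return keep.toArray(new String[0]);
    }

    public static void main(String[] args) throws Exception {
        String floor = args.length > 0 ? args[0] : "TLSv1.2";   // connector-level setting (assumed input)
        String chosen = args.length > 1 ? args[1] : "TLSv1";    // version named in the exception

        SSLEngine engine = SSLContext.getDefault().createSSLEngine();
        String[] enabled = enabledFor(floor, engine.getSupportedProtocols());
        if (enabled.length == 0) {
            System.out.println("This JDK supports nothing at or above " + floor);
            return;
        }
        engine.setEnabledProtocols(enabled);   // enabled list for a client with this floor

        System.out.println("floor          : " + floor);
        System.out.println("client enables : " + Arrays.toString(engine.getEnabledProtocols()));
        // The JDK can veto versions on its own, independent of the list above.
        System.out.println("JDK disabled   : " + Security.getProperty("jdk.tls.disabledAlgorithms"));

        boolean ok = Arrays.asList(enabled).contains(chosen);
        System.out.println("server chose " + chosen + " -> "
                + (ok ? "within the enabled range"
                      : "handshake fails: not enabled on the client"));
    }
}
```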
Published October 26, 2016 - Updated November 3, 2016