Reply
Member
Posts: 2
Registered: ‎05-16-2017

TLSv1 calls still happening after protocol update

I'm using groovy/grails with Java 1.7.0_71 and the latest version of the auth.net java sdk plugin (v1.9.3 from April 2017)

 

I've added the following arguments to my VM options:

-Dhttps.protocols=TLSv1,TLSv1.1,TLSv1.2
-Djdk.tls.client.protocols=TLSv1.1,TLSv1.2
-Djavax.net.debug=ssl:handshake

 

I've updated my JRE security jars to the Unlimited JCE Policy.

 

And yet attempts to processes any auth.net transactions are done in v1

 

http-nio-8082-exec-1, WRITE: TLSv1 Handshake, length = 163
http-nio-8082-exec-1, handling exception: java.net.SocketException: Connection reset
http-nio-8082-exec-1
, SEND TLSv1 ALERT:
fatal,
description = unexpected_message

 

 

Any help would be greatly appreciated. Thank you.

Posts: 147
Topics: 0
Kudos: 28
Blog Posts: 0
Ideas: 0
Solutions: 10
Registered: ‎04-28-2017

Re: TLSv1 calls still happening after protocol update

try {
        SSLContext ctx = SSLContext.getInstance("TLSv1.2");
        ctx.init(null, null, null);
        SSLContext.setDefault(ctx);
} catch (Exception e) {
        System.out.println(e.getMessage());
}
Powered by NexWebSites.com -
Certified Authorize.net developers
Member
Posts: 2
Registered: ‎05-16-2017

Re: TLSv1 calls still happening after protocol update

Thanks for the tip. I've tried that in the past and it didn't work. I tried it again just in case and still no go.

 

Handshakes are still over v1 and I wrote some code to check on available protocols vs enabled protocols and, as you can see, TLAv1.2 is available but not enabled ... the trouble, obvi, is I still haven't found the way to enable it.

 

"Supported Protocols: 5",
"SSLv2Hello",
"SSLv3",
"TLSv1",
"TLSv1.1",
"TLSv1.2",
"Enabled Protocols: 2",
"SSLv3",
"TLSv1"

Posts: 147
Topics: 0
Kudos: 28
Blog Posts: 0
Ideas: 0
Solutions: 10
Registered: ‎04-28-2017

Re: TLSv1 calls still happening after protocol update

[ Edited ]
Another way ...
final SSLContext ctx = SSLContext.getInstance("TLSv1.2");
			ctx.init(null,null, new java.security.SecureRandom());
			final SSLSocketFactory socketFactory = ctx.getSocketFactory();
			HttpsURLConnection.setDefaultSSLSocketFactory(socketFactory);
Powered by NexWebSites.com -
Certified Authorize.net developers