I think you can just change the code to read as follows when it creates the SSLContext:
SSLContext ctx = SSLContext.getInstance("TLSv1"); I don't know if TLS will downgrade to SSL if that's all that's available. Karl On Tue, Jan 14, 2020 at 6:02 PM Jörn Franke <jornfra...@gmail.com> wrote: > Yes it you do not change this setting as what I suspect happens here. See > my previous mail for details. > > Am 14.01.2020 um 23:51 schrieb Karl Wright <daddy...@gmail.com>: > > > It looks looks TLS is actually enabled in the SSLSocketFactory framework > based on how you create the SSLSocketContext. See: > > https://docs.oracle.com/cd/E19698-01/816-7609/security-83/index.html > > Karl > > > On Tue, Jan 14, 2020 at 5:48 PM Karl Wright <daddy...@gmail.com> wrote: > >> The design of ManifoldCF deliberately manages keystores on a connection >> by connection basis, not globally. If you think the only way to implement >> TLS is via global keystore I very much doubt it. >> >> I am on the road until late tomorrow but somewhere along the line I can >> do some research into why TLS won't work as we are currently doing it. >> >> Karl >> >> >> On Tue, Jan 14, 2020 at 12:56 PM Jörn Franke <jornfra...@gmail.com> >> wrote: >> >>> These are TLS only. So maybe you have other servers where tls and ssl >>> are possible and it downgrades to ssl.however, this is speculation and I >>> need to verify it. I have to rebuilt manifold for that. Probably I have to >>> reinstall everything as the keystorefactory is a dependency in the >>> connector. >>> >>> Am 14.01.2020 um 18:34 schrieb Karl Wright <daddy...@gmail.com>: >>> >>> >>> If you can recommend changes to support TLS, that would be great. The >>> basic infrastructure should still work; it is just a custom keystone and >>> associated SSLSocketFactory, which I think also is used for TLS >>> connections, unless I am missing something. >>> >>> On Tue, Jan 14, 2020, 9:38 AM Jörn Franke <jornfra...@gmail.com> wrote: >>> >>>> Yes this works fine. I believe the error comes from the fact that TLS >>>> connections are not supported. >>>> >>>> Am 14.01.2020 um 15:31 schrieb Michael Cizmar < >>>> michael.ciz...@mcplusa.com>: >>>> >>>> >>>> >>>> If you want to test the url and the ssl, I would recommend attempting >>>> using SSLPoke to confirm that they keystore is setup properly: >>>> >>>> >>>> >>>> https://github.com/MichalHecko/SSLPoke >>>> >>>> >>>> >>>> Michael >>>> >>>> >>>> >>>> *From: *Karl Wright <daddy...@gmail.com> >>>> *Reply-To: *"user@manifoldcf.apache.org" <user@manifoldcf.apache.org> >>>> *Date: *Tuesday, January 14, 2020 at 7:21 AM >>>> *To: *"user@manifoldcf.apache.org" <user@manifoldcf.apache.org> >>>> *Subject: *Re: CSWS Connector : ServiceConstructionException: Failed >>>> to create service >>>> >>>> >>>> >>>> Hmm, others have succeeded setting up SSL connections with the current >>>> code. Hoping they chime in here. >>>> >>>> >>>> >>>> Karl >>>> >>>> >>>> >>>> On Tue, Jan 14, 2020, 8:19 AM Jörn Franke <jornfra...@gmail.com> wrote: >>>> >>>> It seems that it has indeed a certificate issue as it cannot find a >>>> valid certification path to the target. The thing is: I added those >>>> certificates in the UI should it should not happen. >>>> >>>> >>>> >>>> >>>> >>>> >>>> >>>> Am 10.01.2020 um 20:51 schrieb Jörn Franke <jornfra...@gmail.com>: >>>> >>>> 2.15 ... >>>> >>>> I will try on the weekend to see if I can get some logs out of it. >>>> >>>> >>>> >>>> Am 10.01.2020 um 19:02 schrieb Karl Wright <daddy...@gmail.com>: >>>> >>>> Can I ask what version of MCF you are using? There were issues with >>>> SSL in the first release of the csws connector if I recall correctly, that >>>> were fixed for the second release. >>>> >>>> >>>> >>>> Karl >>>> >>>> >>>> >>>> >>>> >>>> On Fri, Jan 10, 2020 at 11:42 AM Jörn Franke <jornfra...@gmail.com> >>>> wrote: >>>> >>>> I added root, intermediate and server certificate (in base64 cer, it >>>> seems to be recognized by manifoldcf), but I still get the same message. I >>>> will try to get somehow the full stacktrace >>>> >>>> >>>> >>>> Am 10.01.2020 um 17:21 schrieb Karl Wright <daddy...@gmail.com>: >>>> >>>> If you are using SSL you need to have the proper certificate saved in >>>> the connection's keystore. >>>> >>>> Karl >>>> >>>> >>>> >>>> >>>> >>>> On Fri, Jan 10, 2020 at 11:20 AM Jörn Franke <jornfra...@gmail.com> >>>> wrote: >>>> >>>> It is actually a server using configuration of the command - driven >>>> multi-process model (but the agents executed as a service and the war on a >>>> tomcat executed as a service) under Linux. >>>> >>>> >>>> >>>> I thought as well that it cannot reach the webservices, the question is >>>> why. On the same server I can reach the webservices and fetch the WSDL >>>> without issues. >>>> >>>> Maybe sth related to ssl ? >>>> >>>> >>>> >>>> Am 10.01.2020 um 14:59 schrieb Karl Wright <daddy...@gmail.com>: >>>> >>>> How are you running manifoldcf? Single process example, or a custom >>>> setup of some kind? >>>> >>>> This exception is a "catch all" exception generated far below anything >>>> in ManifoldCF, but usually means it cannot download the WSDLs from the >>>> service. Getting the full exception dumped in the log requires a "hack" to >>>> the check() method of the connector, but I'm pretty sure that's what's >>>> happening anyway. >>>> >>>> Karl >>>> >>>> >>>> >>>> >>>> >>>> On Fri, Jan 10, 2020 at 8:50 AM Jörn Franke <jornfra...@gmail.com> >>>> wrote: >>>> >>>> Hi, >>>> >>>> I tried to use the CSWS connector, but already for the Authority >>>> connection I receive a >>>> org.apache.cxf.service.factory.ServiceConstructionException: Failed to >>>> create service. >>>> >>>> Unfortunately I don’t see more details , also not in the log (debug is >>>> activated). I try to get a little bit more output by modifying the >>>> connector, but maybe someone has already an idea why this can happen? >>>> >>>> Are there some special instructions to use it? The pointers to the >>>> webservices are correct, I tested via Curl and SOAPUI. >>>> >>>> >>>> Thank you. >>>> Best regards >>>> >>>>