I use wsimport
to generate code from a particular WSDL
. I tried Java 10, it failed handshake, then I tried Java 9 and it was okay.
I watched communication using wireshark
, and the cause became clear, the server I communicated still uses TLSv1, and I guess Java 10 wsimport
no longer tolerate that (not by default at least), although 9 does.
There is nothing I can do with the server, so the question becomes how I can run Java 10 wsimport with TLSv1 tolerance?
More investigation was done, and the most helpful test was done using ssl labs. It turned out that the server supports a weak cipher suite:
TLS_RSA_WITH_3DES_EDE_CBC_SHA
.The issue was solved by adding the following java option:
Cannot specify the cipher suite as
TLS_RSA_WITH_3DES_EDE_CBC_SHA
. Java's naming convention requires it to be calledSSL_RSA_WITH_3DES_EDE_CBC_SHA
.Side note: the bug mentioned in @nullpointer's comment above was solved in all three versions I tried: Java 9/10/11.