SSL/TLS Insecure Renegotiation and Payment Processors

This week, we ran into an issue with a client’s Java/Tomcat application that connects to FirstData’s WSDL API for credit card payment processing. The problem was related to the recently discovered SSL renegotiation protocol flaw (read more about the protocol flaw over at Slashdot).

Problem symptoms included Tomcat freezing while initializing, then after 10 minutes timing out with error messages saying that it was unable to contact the WSDL URL. Before we could connect to that URL, we had to tell Java’s SSL libraries to allow unsafe renegotiation.

How to fix this:

Short Answer:
In /etc/default/tomcat6 (Debian/Ubuntu), add the following JVM option to your ‘CATALINA_OPTS=’ line.

-Dsun.security.ssl.allowUnsafeRenegotiation=true

Posted in Java, SSL, Tomcat.