This week, we ran into an issue with a client’s Java/Tomcat application that connects to FirstData’s WSDL API for credit card payment processing. The problem was related to the recently discovered SSL renegotiation protocol flaw. (Read more about the protocol flaw over at Slashdot.)
Problem symptoms included Tomcat freezing while initializing, then timing out after 10 minutes with error messages saying that it was unable to contact the WSDL URL. Before we could connect to that URL, we had to tell Java’s SSL libraries to allow unsafe renegotiation.
How to fix this:
In /etc/default/tomcat6 (Debian/Ubuntu), add a new line to your ‘CATALINA_OPTS=’ section.
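To find hosts that carry this override later, the added example below (not part of the original post) scans a Tomcat defaults file for the JSSE renegotiation properties. The property names `sun.security.ssl.allowUnsafeRenegotiation` and `sun.security.ssl.allowLegacyHelloMessages` are the standard JSSE system properties and are assumed to be what the fix refers to; the function names and sample file contents are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a Tomcat defaults file for JSSE renegotiation overrides.
# Property names are the standard JSSE system properties (an assumption about
# what the post's fix sets; the post itself does not show the line).

# Print "<property>=<value>" for each active (non-comment) occurrence,
# or "<property>=unset" when the file never sets the property.
audit_renegotiation() {
    file=$1
    for prop in sun.security.ssl.allowUnsafeRenegotiation \
                sun.security.ssl.allowLegacyHelloMessages; do
        # Drop comment lines first so a commented-out flag is not reported.
        found=$(grep -v '^[[:space:]]*#' "$file" \
            | grep -o -e "-D${prop}=[A-Za-z]*" \
            | sed 's/^-D//') || true
        if [ -n "$found" ]; then
            echo "$found"
        else
            echo "${prop}=unset"
        fi
    done
}

# Exit status 0 when any active line enables unsafe renegotiation.
unsafe_renegotiation_enabled() {
    audit_renegotiation "$1" \
        | grep -qi '^sun\.security\.ssl\.allowUnsafeRenegotiation=true$'
}

# Constructed sample input, not a real host's configuration.
SAMPLE=$(mktemp)
cat > "$SAMPLE" <<'EOF'
# CATALINA_OPTS="-Dsun.security.ssl.allowUnsafeRenegotiation=false"
CATALINA_OPTS="-Xmx512m"
CATALINA_OPTS="$CATALINA_OPTS -Dsun.security.ssl.allowUnsafeRenegotiation=true"
EOF

audit_renegotiation "$SAMPLE"
if unsafe_renegotiation_enabled "$SAMPLE"; then
    echo "WARNING: unsafe TLS renegotiation is enabled in $SAMPLE"
fi
```

On a real host, pass `/etc/default/tomcat6` as the argument instead of the sample file.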