Why is SSL 2.0 Protocol Used with WebLogic Server? (Doc ID 1347791.1)

Last updated on JUNE 19, 2017

Applies to:

Oracle WebLogic Server - Version 8.1 and later
Information in this document applies to any platform.
***Checked for relevance on 26-Aiug-2016***

Goal

After setting the following system properties:

-Dweblogic.security.SSL.Ciphersuites=TLS_RSA_WITH_RC4_128_SHA,TLS_RSA_WITH_RC4_128_MD5
-Dweblogic.security.SSL.allowUnencryptedNullCipher=false
-Dweblogic.security.disableNullCipher=true

some security scanners still report that your server supports SSL version 2 on the WLS port

This article explain steps on how to validate if the scanner is reporting a false positive.

Solution

Sign In with your My Oracle Support account

Don't have a My Oracle Support account? Click to get started

My Oracle Support provides customers with access to over a
Million Knowledge Articles and hundreds of Community platforms