My Oracle Support Banner

Why is SSL 2.0 Protocol Used with WebLogic Server? (Doc ID 1347791.1)

Last updated on AUGUST 28, 2020

Applies to:

Oracle WebLogic Server - Version 8.1 and later
Information in this document applies to any platform.

Goal

After setting the following system properties:

-Dweblogic.security.SSL.Ciphersuites=TLS_RSA_WITH_RC4_128_SHA,TLS_RSA_WITH_RC4_128_MD5
-Dweblogic.security.SSL.allowUnencryptedNullCipher=false
-Dweblogic.security.disableNullCipher=true

some security scanners still report that your server supports SSL version 2 on the WLS port

This article explain steps on how to validate if the scanner is reporting a false positive.

Solution

To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!


In this Document
Goal
Solution
References


My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.