SSL Handshake Fails after Changing WebLogic Servers SSL Implementation from Certicom to JSSE (Doc ID 1960773.1)

Last updated on JULY 14, 2023

Applies to:

Symptoms

SSL Handshakes are failing between Oracle HTTP Server(OHS) and Weblogic Server(WLS) where they were previously working.

Testing both OHS and WLS independently there are no SSL issues.

Requirements:
Oracle HTTP Server is in front of Weblogic Server.
SSL is being used throughout.
    -Client connects to OHS over SSL.
    -OHS connects to WLS over SSL.
JSSE SSL Implementation is being used in WLS.
WLS is enabled for 2 way ssl of "Client Certificates requested but not enforced"

The OHS logs show the following error:
12c:DOMAIN_HOME/servers/component_name/logs/

Changes

The SSL Implementation in WLS has changed from Certicom to JSSE. After this change the handshake between OHS and WLS no longer is successful.

Some background on the ssl implementations for WLS:
    -Before 10.3.3 (11g), Certicom SSL was the only SSL implementation.
    -In 10.3.3 thru 10.3.6 (11g), Certicom SSL is the default SSL implementation, with JSSE available by enabling a property switch.
    -In 12.1.1 and up (12c), JSSE is the default SSL implementation and Certicom was removed.
    -TLS 1.1 and 1.2 is only supported with a combination of JDK 7 Update 1 (or later) and JSSE enabled
    -With JSSE and JDK 7, higher security defaults are available (e.g updated ciphers)
    -TLS 1.0 is supported on all releases using either Certicom or JSSE implementation
    -Weblogic Server versions 10.3.6 and 12.1.1 and later are certified with JDK 7
Reference :  How to Change SSL Protocols (to Disable SSL 3.0) in Oracle Fusion Middleware Products (Doc ID 1936300.1)

Cause

My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.