How to resolve both outbound (TLSv1) and inbound (SSLv3) connections Until SSLv3 is Turned Off Altogether
Last updated on DECEMBER 11, 2017
Applies to:Oracle WebLogic Server - Version 220.127.116.11.0 and later
Information in this document applies to any platform.
The customer reports having Weblogic Server 10.3.6 and is trying to connect to an External Client that only accepts TLSV1.* connection using SSL. They need to be able to support SSLv3 and TLSv1.0 in all WebLogic Domains for a period of time until they turn off SSLv3 all together. If they set the java option
-Dweblogic.security.SSL.protocolVersion=ALL, it is failing to negotiate the SSL Handshake when they call an external client.
NOTE: SSL 3.0 introduces poodle vulnerability so it should be turned off completely ASAP. This is a short term solution until SSLv3 is turned off all together. Please see How to Change SSL/TLS Protocols in Oracle Weblogic Server - Disable SSL 2.0/3.0 and Enable TLS 1.x <Note 2162789.1>
Sign In with your My Oracle Support account
Don't have a My Oracle Support account? Click to get started
My Oracle Support provides customers with access to over a
Million Knowledge Articles and hundreds of Community platforms