How to resolve both outbound (TLSv1) and inbound (SSLv3) connections Until SSLv3 is Turned Off Altogether
(Doc ID 1990343.1)
Last updated on AUGUST 28, 2020
Applies to:Oracle WebLogic Server - Version 126.96.36.199.0 and later
Information in this document applies to any platform.
The customer reports having Weblogic Server 10.3.6 and is trying to connect to an External Client that only accepts TLSV1.* connection using SSL. They need to be able to support SSLv3 and TLSv1.0 in all WebLogic Domains for a period of time until they turn off SSLv3 all together. If they set the java option
-Dweblogic.security.SSL.protocolVersion=ALL, it is failing to negotiate the SSL Handshake when they call an external client.
NOTE: SSL 3.0 introduces poodle vulnerability so it should be turned off completely ASAP. This is a short term solution until SSLv3 is turned off all together. Please see How to Change SSL/TLS Protocols in Oracle Weblogic Server - Disable SSL 2.0/3.0 and Enable TLS 1.x <Note 2162789.1>
To view full details, sign in with your My Oracle Support account.
Don't have a My Oracle Support account? Click to get started!
In this Document