How to resolve both outbound (TLSv1) and inbound (SSLv3) connections Until SSLv3 is Turned Off Altogether (Doc ID 1990343.1)

Last updated on AUGUST 08, 2017

Applies to:

Oracle WebLogic Server - Version 11.1.1.6.0 and later
Information in this document applies to any platform.

Symptoms

The customer reports having Weblogic Server 10.3.6 and is trying to connect to an External Client that only accepts TLSV1.* connection using SSL. They need to be able to support SSLv3 and TLSv1.0 in all WebLogic Domains for a period of time until they turn off SSLv3 all together. If they set the java option -Dweblogic.security.SSL.protocolVersion=ALL, it is failing to negotiate the SSL Handshake when they call an external client.

NOTE: SSL 3.0 introduces poodle vulnerability so it should be turned off completely ASAP. This is a short term solution until SSLv3 is turned off all together. Please see How to Change SSL/TLS Protocols in Oracle Weblogic Server - Disable SSL 2.0/3.0 and Enable TLS 1.x <Note 2162789.1>

 

Changes

 

Cause

Sign In with your My Oracle Support account

Don't have a My Oracle Support account? Click to get started

My Oracle Support provides customers with access to over a
Million Knowledge Articles and hundreds of Community platforms