Undesired RC4 Ciphers are Continually Used with WebLogic Server SSL Connections
(Doc ID 2250434.1)
Last updated on MARCH 09, 2023
Applies to:
Oracle WebLogic Server - Version 10.3.6 and laterOracle Fusion Middleware - Version 11.1.1.6.0 and later
Information in this document applies to any platform.
Symptoms
- When accessing an application with SSL, the link does not work and will not load in the browser. The following errors may be seen depending on your browser vendor (Chrome, Fire Fox, Internet Explorer):
ERR_SSL_VERSION_OR_CIPHER_MISMATCHor
ERR_SSL_WEAK_SERVER_EPHEMERAL_DH_KEY
- Some client browsers may report the use of RC4 ciphers and some security scans may be detecting RC4 ciphers.
- When using nmap utility, it can be seen that RC4 ciphers are available. See <Note 2241442.1> Using NMAP Tool to Test Available SSL Ciphers
- When examining the Weblogic AdminServer.log with SSL debug enabled, the following can be observed:
Changes
Have updated the DOMAIN_HOME/config/config.xml and JAVA_HOME/jre/lib/security/java.security files with no success.
Cause
To view full details, sign in with your My Oracle Support account. |
|
Don't have a My Oracle Support account? Click to get started! |
In this Document
| Symptoms |
| Changes |
| Cause |
| Solution |
| References |