How to Force TLSv1 On Outbound SSL Connections For Custom Application

(Doc ID 2363884.1)

Last updated on FEBRUARY 23, 2018

Applies to:

Oracle WebLogic Server - Version 10.3.6 and later
Information in this document applies to any platform.

Symptoms

A custom client application that makes outbound SSL connections is deployed to WLS, and it is required to use TLSv1 instead of the highest version available to the server, which is TLSv1.2.

Setting the following flags does not seem to work: -Dweblogic.security.SSL.minimumProtocolVersion=TLSv1 -Djdk.tls.client.protocols=TLSv1 -Dhttps.protocols=TLSv1. The application still sends a ClientHello with TLSv1.2, which is the highest version available to the server.

The client is expected to be able to specify the client TLS version from the server configuration.

The issue can be reproduced at will with the following steps:

  1. Add command line arguments to WLS "-Dweblogic.security.SSL.minimumProtocolVersion=TLSv1 -Djdk.tls.client.protocols=TLSv1 -Dhttps.protocols=TLSv1"
  2. Restart WLS
  3. Deploy client app and test


Due to this issue, the application cannot work with a third-party resource that requires TLSv1 ClientHello messages.
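The symptom is defined by the version carried in the ClientHello, so the test in step 3 is best confirmed from a packet capture rather than from the flags alone. The following Python function is an added example, not part of the Oracle note: it reads the version fields from the first TLS record of a captured connection. The function names and the sample bytes are constructed for illustration.

```python
import struct

# Two-byte protocol version values as they appear on the wire.
VERSIONS = {0x0300: "SSLv3", 0x0301: "TLSv1", 0x0302: "TLSv1.1", 0x0303: "TLSv1.2"}


def _name(version: int) -> str:
    return VERSIONS.get(version, "unknown(0x%04x)" % version)


def client_hello_versions(record: bytes) -> dict:
    """Return the record-layer version and the ClientHello client_version.

    `record` is one TLS record from a capture, starting at its 5-byte header.
    Raises ValueError when the bytes are not a complete ClientHello prefix.
    """
    if len(record) < 5:
        raise ValueError("truncated record header")
    content_type, record_version, record_len = struct.unpack("!BHH", record[:5])
    if content_type != 0x16:  # 0x16 = handshake
        raise ValueError("not a TLS handshake record")
    body = record[5:5 + record_len]
    if len(body) < 6:
        raise ValueError("truncated handshake message")
    if body[0] != 0x01:  # 0x01 = client_hello
        raise ValueError("handshake message is not a ClientHello")
    # body[1:4] is the 3-byte handshake length; client_version follows it.
    (hello_version,) = struct.unpack("!H", body[4:6])
    return {"record": _name(record_version), "client_hello": _name(hello_version)}


def sample_client_hello(version: int) -> bytes:
    """Constructed minimal ClientHello: one cipher suite, no extensions."""
    hello = (struct.pack("!H", version) + bytes(32)   # client_version, random
             + b"\x00"                                # empty session id
             + b"\x00\x02\x00\x2f"                    # one cipher suite
             + b"\x01\x00")                           # null compression only
    handshake = b"\x01" + len(hello).to_bytes(3, "big") + hello
    return b"\x16" + struct.pack("!HH", 0x0301, len(handshake)) + handshake


if __name__ == "__main__":
    for wanted in (0x0303, 0x0301):
        print(client_hello_versions(sample_client_hello(wanted)))
```

The `client_hello` value is the one to compare against the expected TLSv1; the record-layer version of the first record is often lower than the version the client actually offers.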

Changes

 

Cause
