How to Force TLSv1 On Outbound SSL Connections For Custom Application
(Doc ID 2363884.1)
Last updated on FEBRUARY 23, 2018
Applies to:Oracle WebLogic Server - Version 10.3.6 and later
Information in this document applies to any platform.
A custom client application, which makes outbound SSL connections is deployed to WLS and it is required to use TLSv1 instead of the highest available for server, which is TLSv1.2.
Setting the following flags does not seems to work: -Dweblogic.security.SSL.minimumProtocolVersion=TLSv1 -Djdk.tls.client.protocols=TLSv1 -Dhttps.protocols=TLSv1 . Still application is sending a ClientHello with TLSv1.2 , which is the highest available to server.
It is expected that client to be able to specify from server configuration the client TLS version.
The issue can be reproduced at will with the following steps:
- Add command line arguments to WLS "-Dweblogic.security.SSL.minimumProtocolVersion=TLSv1 -Djdk.tls.client.protocols=TLSv1 -Dhttps.protocols=TLSv1"
- Restart WLS
- Deploy client app and test
Due to this issue, application cannot work with third party resource which requires TLSv1 ClientHello messages
To view full details, sign in with your My Oracle Support account.
Don't have a My Oracle Support account? Click to get started!
In this Document