How to Force TLSv1 On Outbound SSL Connections For Custom Application
Last updated on FEBRUARY 23, 2018
Applies to: Oracle WebLogic Server - Version 10.3.6 and later
Information in this document applies to any platform.
A custom client application that makes outbound SSL connections is deployed to WLS, and it is required to use TLSv1 instead of the highest version available on the server, which is TLSv1.2.
Setting the following flags does not seem to work: -Dweblogic.security.SSL.minimumProtocolVersion=TLSv1 -Djdk.tls.client.protocols=TLSv1 -Dhttps.protocols=TLSv1. The application still sends a ClientHello with TLSv1.2, which is the highest version available to the server.
It is expected that the client TLS version can be specified from the server configuration.
The issue can be reproduced at will with the following steps:
- Add command line arguments to WLS "-Dweblogic.security.SSL.minimumProtocolVersion=TLSv1 -Djdk.tls.client.protocols=TLSv1 -Dhttps.protocols=TLSv1"
- Restart WLS
- Deploy client app and test
Due to this issue, the application cannot work with a third-party resource that requires TLSv1 ClientHello messages.
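To see which of the flags above actually reach the JSSE layer, the following added diagnostic (not Oracle's code and not part of the original note) lists the protocol versions each standard SSLContext would offer in a ClientHello and marks any that still include a version newer than TLSv1. It assumes it runs in the same JVM, with the same -D arguments, as the client application; the class name is hypothetical, and it does not cover an application that sets protocols on its own sockets or a non-JSSE SSL implementation.

```java
import javax.net.ssl.SSLContext;
import java.util.Arrays;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;

// Added diagnostic, hypothetical class name: surveys JSSE client protocol defaults.
public class TlsClientProtocolCheck {
    // The three flags from the reproduction steps.
    static final String[] FLAGS = {
        "weblogic.security.SSL.minimumProtocolVersion",
        "jdk.tls.client.protocols",   // read by the JSSE "Default"/"TLS" contexts
        "https.protocols"             // read by HttpsURLConnection only
    };
    static final List<String> NEWER = Arrays.asList("TLSv1.1", "TLSv1.2", "TLSv1.3");

    // Protocol versions a client socket created from this context enables by default.
    static List<String> clientProtocols(SSLContext ctx) {
        return Arrays.asList(ctx.getDefaultSSLParameters().getProtocols());
    }

    // True when the list still contains a version newer than TLSv1.
    static boolean offersNewerThanTls1(List<String> protocols) {
        for (String p : protocols) {
            if (NEWER.contains(p)) return true;
        }
        return false;
    }

    // Maps each way an application can obtain a context to what that context offers.
    static Map<String, List<String>> survey() throws Exception {
        Map<String, List<String>> out = new LinkedHashMap<String, List<String>>();
        out.put("SSLContext.getDefault()", clientProtocols(SSLContext.getDefault()));
        for (String alg : new String[] {"TLS", "TLSv1", "TLSv1.2"}) {
            SSLContext ctx = SSLContext.getInstance(alg);
            ctx.init(null, null, null); // default key and trust managers
            out.put("SSLContext.getInstance(\"" + alg + "\")", clientProtocols(ctx));
        }
        return out;
    }

    public static void main(String[] args) throws Exception {
        for (String f : FLAGS) {
            System.out.println("-D" + f + "=" + System.getProperty(f));
        }
        for (Map.Entry<String, List<String>> e : survey().entrySet()) {
            String mark = offersNewerThanTls1(e.getValue()) ? "   <-- newer than TLSv1 still enabled" : "";
            System.out.println(e.getKey() + " -> " + e.getValue() + mark);
        }
    }
}
```

A row that is still marked after the restart identifies a context the flags do not constrain; which row matters depends on how the client application obtains its SSLContext.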