Use specific SSL protocol version with Weblogic Server.

If we want the Weblogic Server to use only a specific protocol version of SSL, we can do it with the command line options below.
-Dweblogic.security.SSL.protocolVersion=SSL3 (only SSL V3.0 messages are sent and accepted)
-Dweblogic.security.SSL.protocolVersion=TLS1 (only TLS V1.0 messages are sent and accepted)
-Dweblogic.security.SSL.protocolVersion=ALL (this is the default behavior)

We can test it by using openssl.
In my test I enabled TLS1, and below is the test result when connected with openssl:

openssl s_client -connect 10.10.71.79:543 -tls1
Loading 'screen' into random state - done
CONNECTED(00000788)
depth=0 /CN=Fabrizio
verify error:num=18:self signed certificate
verify return:1
depth=0 /CN=Fabrizio
verify return:1

Certificate chain
0 s:/CN=Fabrizio
i:/CN=Fabrizio

Server certificate

subject=/CN=Fabrizio
issuer=/CN=Fabrizio

No client certificate CA names sent

SSL handshake has read 544 bytes and written 268 bytes

New, TLSv1/SSLv3, Cipher is RC4-MD5
Server public key is 1024 bit
SSL-Session:
Protocol : TLSv1
Cipher : RC4-MD5
Session-ID: 630E00003F6152564FEFD2A802ACBD561898F759F1B5FF7A7C4E41D264C6F061
Session-ID-ctx:
Master-Key: 51D181CBE700DA9CDAD8EFBBC8340F95F871ABCAB533A5BFACC4EF6F36C6707A
CF26F4CE59BB5DFC005753F1620F7388
Key-Arg : None
Start Time: 1245761507
Timeout : 7200 (sec)
Verify return code: 18 (self signed certificate)

Weblogic Server accepted connections only over TLS1.
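
To make the manual check above repeatable, the following added example (not part of the original post) parses `openssl s_client` output, confirms that the negotiated protocol matches the configured one, and flags the legacy parameters visible in the session above. The function names and the embedded sample are constructed for illustration; the key-size check assumes an RSA server key.

```shell
# Constructed sample, abridged from the s_client session shown in the post.
sample_output() {
cat <<'EOF'
New, TLSv1/SSLv3, Cipher is RC4-MD5
Server public key is 1024 bit
SSL-Session:
    Protocol  : TLSv1
    Cipher    : RC4-MD5
EOF
}

# Read s_client output on stdin; print "<protocol> <cipher> <key_bits>".
summarise_handshake() {
    awk '
        { gsub(/\r/, "") }                                  # tolerate CRLF captures
        $1 == "Protocol" && $2 == ":"      { proto = $3 }
        $1 == "Cipher"   && $2 == ":"      { cipher = $3 }
        $1 == "Server"   && $2 == "public" { bits = $5 }
        END { if (proto == "") proto = "none"; if (cipher == "") cipher = "none"
              print proto, cipher, bits + 0 }'
}

# Usage: <s_client output> | check_handshake <expected protocol, e.g. TLSv1>
# Returns 0 only if a session was negotiated with exactly that protocol.
check_handshake() {
    expected=$1
    set -- $(summarise_handshake)
    proto=$1 cipher=$2 bits=$3 rc=0
    case $cipher in
        none|0000) echo "FAIL: no session negotiated"; return 1 ;;
    esac
    if [ "$proto" != "$expected" ]; then
        echo "FAIL: negotiated $proto, expected $expected"; rc=1
    fi
    case $proto in
        SSLv3|TLSv1|TLSv1.1) echo "WARN: $proto is a deprecated protocol version" ;;
    esac
    case $cipher in
        *RC4*|*MD5*|*DES*|*NULL*|*EXP*) echo "WARN: legacy cipher suite $cipher" ;;
    esac
    if [ "$bits" -gt 0 ] && [ "$bits" -lt 2048 ]; then
        echo "WARN: server public key is only $bits bit"
    fi
    return $rc
}

# Live use (HOST:PORT is a placeholder):
#   openssl s_client -connect HOST:PORT -tls1 </dev/null 2>/dev/null | check_handshake TLSv1
sample_output | check_handshake TLSv1
```

A single successful handshake only shows that the configured version is accepted; repeating the probe with a different protocol flag should end in FAIL if the restriction is in effect.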

