How to check for SSL POODLE / SSLv3 bug on WebLogic? How to fix

Details of the SSL POODLE bug can be found here

We can address it in the following way.

1) Disable SSL 3.0 support in the client.


2) Disable SSL 3.0 support in the server.

We can start WebLogic server with the following JVM option

Ref :-
Disable support for CBC-based cipher suites when using SSL 3.0 (in either client or server).

You can do it by editing you config.xml


<server-private-key-alias>xxxxxxx </server-private-key-alias>


This article explains the attack in details.

Latest Comments

  1. Tracy October 21, 2014
    • Administrator November 6, 2014
  2. sudeep February 23, 2015
  3. Administrator April 20, 2015

Leave a Reply