Oracle Weblogic Server (MOSC)

MOSC Banner

Disable TLS 1.0 and TLS 1.1 in Weblogic 12.1.3

edited Jul 18, 2020 5:14AM in Oracle Weblogic Server (MOSC) 1 commentAnswered

Hi,

There is security issue to disable TLSv1.0 and TLSv1.1 in Weblogic 12.1.3 application for 5556(NodeManager) and 7002(Admin SSL) port numbers.

After updating to TLSv1.2 below operations are not working

1) Node manager connection is failing with error "nmConnect : Cannot connect to Node Manager. : Received fatal alert: handshake_failure"

2) Not able to restart Managed servers from Admin console SSL port

Changes:

Added "-Dweblogic.security.SSL.minimumProtocolVersion=TLSv1.2"  as argument to both Admin Server and Node Manger

weblogic 17048 17007  0 14:35 ?        00:00:03 /usr/java/jdk1.8.0_241-amd64/bin/java -server -Xms32m -Xmx200m -XX:MaxPermSize=128m -Dcoherence.home=/prod/oracle/weblogic/wlserver/../coherence -Dbea.home=/prod/oracle/weblogic/wlserver/.. -Dweblogic.nodemanager.ReverseDNSEnabled=true -Dweblogic.nodemanager.ListenAddress=0.0.0.0 -Djdk.tls.ephemeralDHKeySize=2048 -Dweblogic.security.SSL.minimumProtocolVersion=TLSv1.2 -Dweblogic.RootDirectory=/prod/oracle/weblogic/wlserver/server/orion -Xverify:none -Djava.endorsed.dirs=/usr/java/jdk1.8.0_241-amd64/jre/lib/endorsed:/prod/oracle/weblogic/wlserver/../oracle_common/modules/endorsed -Djava.security.policy=/prod/oracle/weblogic/wlserver/server/lib/weblogic.policy -Dweblogic.nodemanager.JavaHome=/usr/java/jdk1.8.0_241-amd64 weblogic.NodeManager -v

Howdy, Stranger!

Log In

To view full details, sign in to My Oracle Support Community.

Register

Don't have a My Oracle Support Community account? Click here to get started.

Category Leaderboard

Top contributors this month

New to My Oracle Support Community? Visit our Welcome Center

MOSC Help Center