Disable TLS 1.0 and TLS 1.1 in Weblogic 12.1.3

Jun 5, 2020 11:06AM

Hi,

There is security issue to disable TLSv1.0 and TLSv1.1 in Weblogic 12.1.3 application for 5556(NodeManager) and 7002(Admin SSL) port numbers.

After updating to TLSv1.2 below operations are not working

1) Node manager connection is failing with error "nmConnect : Cannot connect to Node Manager. : Received fatal alert: handshake_failure"

2) Not able to restart Managed servers from Admin console SSL port

Changes:

Added "-Dweblogic.security.SSL.minimumProtocolVersion=TLSv1.2" as argument to both Admin Server and Node Manger

weblogic 17048 17007 0 14:35 ? 00:00:03 /usr/java/jdk1.8.0_241-amd64/bin/java -server -Xms32m -Xmx200m -XX:MaxPermSize=128m -Dcoherence.home=/prod/oracle/weblogic/wlserver/../coherence -Dbea.home=/prod/oracle/weblogic/wlserver/.. -Dweblogic.nodemanager.ReverseDNSEnabled=true -Dweblogic.nodemanager.ListenAddress=0.0.0.0 -Djdk.tls.ephemeralDHKeySize=2048 -Dweblogic.security.SSL.minimumProtocolVersion=TLSv1.2 -Dweblogic.RootDirectory=/prod/oracle/weblogic/wlserver/server/orion -Xverify:none -Djava.endorsed.dirs=/usr/java/jdk1.8.0_241-amd64/jre/lib/endorsed:/prod/oracle/weblogic/wlserver/../oracle_common/modules/endorsed -Djava.security.policy=/prod/oracle/weblogic/wlserver/server/lib/weblogic.policy -Dweblogic.nodemanager.JavaHome=/usr/java/jdk1.8.0_241-amd64 weblogic.NodeManager -v

Oracle Weblogic Server (MOSC)

Disable TLS 1.0 and TLS 1.1 in Weblogic 12.1.3

Howdy, Stranger!

Category Leaderboard

Top contributors this month