Disable TLS 1.0 and TLS 1.1 in Weblogic 12.1.3
Hi,
There is security issue to disable TLSv1.0 and TLSv1.1 in Weblogic 12.1.3 application for 5556(NodeManager) and 7002(Admin SSL) port numbers.
After updating to TLSv1.2 below operations are not working
1) Node manager connection is failing with error "nmConnect : Cannot connect to Node Manager. : Received fatal alert: handshake_failure"
2) Not able to restart Managed servers from Admin console SSL port
Changes:
Added "-Dweblogic.security.SSL.minimumProtocolVersion=TLSv1.2" as argument to both Admin Server and Node Manger
weblogic 17048 17007 0 14:35 ? 00:00:03 /usr/java/jdk1.8.0_241-amd64/bin/java -server -Xms32m -Xmx200m -XX:MaxPermSize=128m -Dcoherence.home=/prod/oracle/weblogic/wlserver/../coherence -Dbea.home=/prod/oracle/weblogic/wlserver/.. -Dweblogic.nodemanager.ReverseDNSEnabled=true -Dweblogic.nodemanager.ListenAddress=0.0.0.0 -Djdk.tls.ephemeralDHKeySize=2048 -Dweblogic.security.SSL.minimumProtocolVersion=TLSv1.2 -Dweblogic.RootDirectory=/prod/oracle/weblogic/wlserver/server/orion -Xverify:none -Djava.endorsed.dirs=/usr/java/jdk1.8.0_241-amd64/jre/lib/endorsed:/prod/oracle/weblogic/wlserver/../oracle_common/modules/endorsed -Djava.security.policy=/prod/oracle/weblogic/wlserver/server/lib/weblogic.policy -Dweblogic.nodemanager.JavaHome=/usr/java/jdk1.8.0_241-amd64 weblogic.NodeManager -v