Reputation: 57
I am working on a project that requires TLS version 1.2 to be enabled on the WebLogic server for outgoing HTTPS transactions. I tried using the properties below in the WebLogic startup script:
Weblogic.security.SSL.minimumProtocolVersion=TLSv1.2
or
Weblogic.security.SSL.protocolVersion=TLS
But when I ran some tests, I could see TLSv1 still being used in the ClientHello message in the WebLogic SSL logs. We tried every permutation and combination to start the TLS handshake with TLSv1.2, but with no success so far.
When we enabled the Sun-based HTTP handler in WebLogic and used the properties below in the startup script, I was able to use TLSv1.2:
-DUseSunHttpHandler=true -Dhttps.protocols=TLSv1.2
My question is: how do I enable TLSv1.2 in WebLogic 12c with IBM Java 1.7 SR9 for outgoing HTTPS transactions when using the WebLogic HTTP connection classes instead of the Sun-based HTTP classes?
Upvotes: 1
Views: 29070
Reputation: 1
Can you try this:
Weblogic.security.SSL.protocolVersion=TLS1
-Dweblogic.security.SSL.protocolVersion=SSL3: Only SSL V3.0 messages are sent and accepted. Attempts by clients to establish connections with a prior SSL version will be denied by WebLogic Server, with a denial message returned to the client.
-Dweblogic.security.SSL.protocolVersion=TLS1: This property value enables any protocol starting with "TLS" for messages that are sent and accepted; for example, TLS V1.0, TLS V1.1, and TLS V1.2.
-Dweblogic.security.SSL.protocolVersion=ALL: This is the default behavior. If ALL is selected, the default depends on the JSSE provider and JDK version.
Upvotes: -1
Reputation: 11
Please update at Server settings > Configuration > Server Start > Arguments:
-DWeblogic.security.SSL.minimumProtocolVersion=TLSv1.2
This helps.
Test with the following commands.
#openssl s_client -connect localhost/ipaddress(remote):port(443) -tls1
#openssl s_client -connect localhost/ipaddress(remote):port(443) -tls1_1
#openssl s_client -connect localhost/ipaddress(remote):port(443) -tls1_2
Upvotes: 1
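The openssl commands above check which versions a listener accepts. For the outgoing case in the question, the offered version is carried in the ClientHello the client sends. The following is an added Python example, not code from any poster or from WebLogic; the function names, the port 8443 and the sample bytes are assumptions. It decodes the offered version from raw bytes and includes a throwaway local listener to capture them.

```python
import socket
import struct

VERSIONS = {0x0300: "SSLv3", 0x0301: "TLSv1", 0x0302: "TLSv1.1", 0x0303: "TLSv1.2"}

def client_hello_versions(data):
    """Decode the record-layer version and ClientHello client_version."""
    if len(data) < 5:
        raise ValueError("need the 5-byte TLS record header")
    ctype, rec_ver, rec_len = struct.unpack("!BHH", data[:5])
    if ctype != 0x16:  # e.g. an SSLv2-format hello or non-TLS data
        raise ValueError("not a TLS handshake record")
    body = data[5:5 + rec_len]
    if len(body) < 6 or body[0] != 0x01:
        raise ValueError("no complete ClientHello header in first record")
    # body = msg_type(1) + length(3) + client_version(2) + ...
    hello_ver = struct.unpack("!H", body[4:6])[0]
    return {"record": VERSIONS.get(rec_ver, hex(rec_ver)),
            "offered_max": VERSIONS.get(hello_ver, hex(hello_ver)),
            "offered_max_raw": hello_ver}

def offers_at_least(data, minimum=0x0303):
    """True when the client offers `minimum` (default TLSv1.2) or newer.
    The record-layer version is ignored: many stacks send 0x0301 there
    even when client_version is 0x0303."""
    return client_hello_versions(data)["offered_max_raw"] >= minimum

def capture_client_hello(port=8443, host="127.0.0.1"):
    """Accept one connection and return the first bytes the client sends.
    Point a test outbound HTTPS call at this listener; the handshake is
    never completed, so the call itself fails after the hello is read."""
    with socket.create_server((host, port)) as srv:
        conn, _ = srv.accept()
        with conn:
            conn.settimeout(5)
            return conn.recv(4096)

def sample_hello(record_ver, hello_ver):
    """Constructed sample: minimal ClientHello with one cipher suite and
    no extensions. Not captured traffic."""
    body = (struct.pack("!H", hello_ver) + bytes(32) + b"\x00"
            + b"\x00\x02\x00\x2f" + b"\x01\x00")
    hs = b"\x01" + len(body).to_bytes(3, "big") + body
    return struct.pack("!BHH", 0x16, record_ver, len(hs)) + hs

if __name__ == "__main__":
    print(client_hello_versions(sample_hello(0x0301, 0x0303)))
    print(offers_at_least(sample_hello(0x0301, 0x0301)))
```

To inspect a real client, call capture_client_hello() and pass the returned bytes to client_hello_versions().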
Reputation: 107
You can enable TLSv1.2 for outgoing connections from WebLogic.
Under the managed server, Server Startup, add the following in the arguments:
-Djdk.tls.client.protocols=TLSv1.2
Upvotes: 1
Reputation: 31
You have to use -DUseSunHttpHandler=true with the IBM JDK as well for WebLogic. Otherwise, it will pick the default HTTP handler, weblogic.net.http.HttpsURLConnection.
You can find the details at http://www-01.ibm.com/support/docview.wss?uid=swg27046674.
Upvotes: 0