Weblogic: SSL v3.0 Disable & Enable TLS v1.x

There is one big rabbit hole out there when it comes to security, and that happens to be around SSL encryption. With regard to PeopleSoft, that rabbit hole is not only huge, it is also highly undocumented. There are several reasons for this; however, the most common reason is that SSL encryption has nothing to do with PeopleSoft as an application — yes, I know what you are going to say, but….

In January of this year, Oracle released a critical patch update in which they highly recommend that SSL v3.0 encryption no longer be used due to vulnerabilities. It is recommended that everybody use TLS v1.2. For the longest time TLS v1.2 was not supported by any browser except IE; however, all major browsers now fully support TLS v1.2. Click here to see SSL/TLS support by browser.

Oracle is constantly putting out updates and critical patches, and the latest Patch Set Updates for WebLogic 12x can be found in My Oracle Support (MOS) Document 1470197.1.

By default, WebLogic supports all protocol versions (which ones depends on the JSSE provider and JDK versions being used) – Click here to see supported versions.

To limit WebLogic 12 encryption protocols to just the TLS protocols (disabling SSL v3.0), add the following parameter to your WebLogic PIA instance startup:

-Dweblogic.security.SSL.protocolVersion=TLS1

If you are running in Windows as a service, you will want to modify the service parameter CmdLine in the Registry Editor. If you are running from startPIA in Windows or Linux, you can append the parameter to the start command in the shell script or batch program.
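
To confirm that the restart picked up the parameter, the listener can be probed one protocol version at a time. The script below is an added example, not part of the original post or of any Oracle tooling: it sends a minimal hand-built ClientHello per version and classifies the reply, because most current TLS client libraries can no longer offer SSL v3.0 themselves. The host `pia.example.com`, port `8443` and the cipher list are assumptions; substitute your own PIA HTTPS listener. After the change, SSLv3 should report `rejected` or `no-handshake`.

```python
import os
import socket
import struct

# Legacy protocol versions as they appear on the wire (major, minor).
VERSIONS = {"SSLv3": (3, 0), "TLSv1.0": (3, 1), "TLSv1.1": (3, 2), "TLSv1.2": (3, 3)}
# Assumed cipher list: RSA-AES128-SHA, RSA-AES256-SHA, RSA-3DES-SHA,
# ECDHE-RSA-AES128-GCM-SHA256.
CIPHERS = bytes.fromhex("002f0035000ac02f")


def build_client_hello(version):
    """Return a minimal ClientHello record offering exactly `version`."""
    ver = bytes(version)
    body = ver + os.urandom(32) + b"\x00"              # version, random, empty session id
    body += struct.pack("!H", len(CIPHERS)) + CIPHERS  # cipher suite list
    body += b"\x01\x00"                                # null compression only
    handshake = b"\x01" + struct.pack("!I", len(body))[1:] + body
    return b"\x16" + ver + struct.pack("!H", len(handshake)) + handshake


def classify_reply(data, version):
    """Interpret the first bytes the server sent back."""
    if len(data) >= 11 and data[0] == 0x16 and data[5] == 0x02:
        chosen = (data[9], data[10])                   # ServerHello.server_version
        return "accepted" if chosen == tuple(version) else "negotiated-other"
    if len(data) >= 7 and data[0] == 0x15:
        return "rejected"                              # TLS alert record
    return "no-handshake"                              # closed, reset or not TLS


def probe(host, port, version, timeout=5.0):
    """Send one ClientHello to host:port and classify the reply."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.sendall(build_client_hello(version))
            return classify_reply(s.recv(4096), version)
    except OSError:
        return "no-handshake"


if __name__ == "__main__":
    # pia.example.com:8443 is a placeholder for your own PIA HTTPS listener.
    for name, ver in VERSIONS.items():
        print(f"{name}: {probe('pia.example.com', 8443, ver)}")
```

A `negotiated-other` result means the server answered with a different (lower) version than the one offered, so that version itself is not enabled.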