Friday Dec 26, 2014

JSSE and WebLogic Server in WebLogic Server 11g

 Recently, several customers want to migrate to JSSE, because they would like to have stronger cipher suites.

If you have WebLogic Server 10.3.2 or earlier versions, you will need to upgrade your Weblogic Server to the latest 11g.
There is no supported way to enable JSSE in these versions.


To enable JSSE in weblogic server 10.3.3 and later, you can add a property to JAVA_OPTIONS as described below:

    -Dweblogic.security.SSL.enableJSSE=true (WLS 10.3.3)
http://docs.oracle.com/cd/E14571_01/web.1111/e13707/ssl.htm#BABIJEJD
    -Dweblogic.ssl.JSSEEnabled=true (WLS 10.3.4 and later)
http://docs.oracle.com/cd/E21764_01/web.1111/e13707/ssl.htm#BABIJEJD

Additional Details here:
http://docs.oracle.com/cd/E14571_01/web.1111/e13707/ssl.htm#SECMG494

Please notice that as this is a new feature, there are several recommended patches for known issues:
For WebLogic Server 10.3.3:
SHA2 Certificate Throws Log Message "Ignoring The Trusted CA Certificate" (Doc ID 1538488.1)

For WebLogic Server 10.3.5 and 10.3.6 make sure you are using the latest PSU delivered:
e.g:
Oracle WebLogic Server Patch Set Update 10.3.5.0.7 Fixed Bugs List (Doc ID 1544306.1)
Oracle WebLogic Server Patch Set Update 10.3.6.0.9 Fixed Bugs List (Doc ID 1935048.1)   

Enjoy! 

Tuesday Aug 05, 2014

How do I specify certicom ciphersuite in weblogic 11g?

I recently have a customer that was getting the error below when trying to specify certicom ciphersuite:

<SEVERE> <Fatal error in node manager server>
java.lang.IllegalArgumentException: SSL_RSA_WITH_RC4_128_MD5 Unsupported.
        at com.certicom.tls.interfaceimpl.TLSSystem.setEnabledCipherSuites(Unknown Source)
        at javax.net.ssl.impl.SSLServerSocketImpl.setEnabledCipherSuites(Unknown Source)
        at weblogic.nodemanager.server.SSLListener.init(SSLListener.java:80)
        at weblogic.nodemanager.server.NMServer.start(NMServer.java:206)
        at weblogic.nodemanager.server.NMServer.main(NMServer.java:377)
        at weblogic.NodeManager.main(NodeManager.java:31) 
Ciphersuites were not picked when setting the ciphersuites using config.xml

<ciphersuite>TLS_RSA_WITH_RC4_128_SHA</ciphersuite>
<ciphersuite>TLS_RSA_WITH_RC4_128_MD5</ciphersuite>

The error was gone setting the arguments in JAVA_OPTIONS
-Dweblogic.security.SSL.Ciphersuites=SSL_RSA_WITH_RC4_128_MD5,TLS_RSA_WITH_RC4_128_MD5

The above works for JSSE as well.

I hope this helps.
Enjoy!
About


My name is Luz Mestre. I work as Principal Technical Support Engineer at Oracle Support. I'll post here the most interesting challenges I have in my daily work. The views expressed on this blog are my own and do not necessarily reflect the views of Oracle.

Search

Categories
Archives
« May 2015
SunMonTueWedThuFriSat
     
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
      
Today