0

I am trying to set up SSL/TLS for my weblogic admin console. Note this is not for the Weblogic Server but for the admin console.

I would like to specifically set the the admin console to only use TLS 1.2. Originally I thought that I could set it under setEnv and set the java_admin_options or something like that but I still was able to connect to it via SSlv3.

Also if possible can cipher suites be set for the admin console as well? I know how to set them for the regular server, but unsure on how to set them for for the admin server.

EEAA
  • 109,363
  • 18
  • 175
  • 245
Vnge
  • 195
  • 3
  • 12

1 Answers1

0

you can add the following line of code in commEnv.sh file.(i am using it on weblogic 12c)

# Set server startup arguments for AdminServer

if [ "${SERVER_NAME}" == "AdminServer" ] ; then
      USER_MEM_ARGS="-Xms1024m -Xmx1024m -Dweblogic.security.SSL.protocolVersion=TLSv1.2"
export USER_MEM_ARGS
fi

This will only enable TLS on admin server as per requirement.

you can also try -Dweblogic.security.SSL.minimumProtocolVersion=TLSv1.0 parameter in commEnv.sh file which will disable SSLv3.

You can change the cipher suites on admin server as mentioned below by adding it under ssl tab in config.xml

<server> <name>AdminServer</name> <ssl> <name>AdminServer</name> <enabled>true</enabled> <ciphersuite>TLS_RSA_WITH_AES_128_CBC_SHA</ciphersuite> <ciphersuite>TLS_RSA_WITH_AES_256_CBC_SHA</ciphersuite> <ciphersuite>TLS_RSA_WITH_3DES_EDE_CBC_SHA</ciphersuite> <ciphersuite>TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA</ciphersuite>

Man-I-n-MiddLeWare
  • 64
  • 4