
We have a WebLogic 10.3.6 instance that needs to go to TLS 1.0. We have both a webpage and a .NET Compact Framework 3.5 application connecting to it.

When it's set to the default, everything works. When we set the weblogic.security.SSL.ProtocolVersion to TLS1, we start running into issues with the .NET application. The browsers still work, but the embedded Java applet wouldn't connect until we disabled the "Use SSL 2.0 compatible ClientHello Format" setting.

When we try to connect the .NET application, we get a handshake error: "System.Net.WebException: Could not establish secure channel for SSL/TLS ---> System.Net.WebException: Handshake has failed, see inner exception."

In the application server logs, we get the following error: "Caught sslException: javax.net.ssl.SSLHandshakeException: SSLv2Hello is disabled returning false for isMessageComplete".

Unfortunately, because we're using Compact Framework, I can't specify the SSLProtocol.

We got the same error for our Java applet until we turned off the "SSL 2.0 compatible clienthello format", which leads me to believe that if we could enable the ClientHello format, but keep the minimum protocol version to TLS 1.0, it should meet our requirements.

Here are our startup arguments:

${JAVA_HOME}/bin/java ${JAVA_VM} ${MEM_ARGS} -Dweblogic.Name=${SERVER_NAME} -Djava.security.policy=${WL_HOME}/server/lib/weblogic.policy -Dsun.security.ssl.allowUnsafeRenegotiation=true -Dsun.security.ssl.allowLegacyHelloMessages=true -Dweblogic.security.SSL.protocolVersion=TLS1 -Dweblogic.security.SSL.nojce=true ${JAVA_OPTIONS} ${PROXY_SETTINGS} ${SERVER_CLASS}

Michael Fan
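The distinction the question draws, between the framing of the ClientHello and the protocol version the client offers, can be checked on the first bytes of a captured connection. The following is an added example, not part of the original post and not WebLogic code: the sample bytes are constructed, and `evaluate` is a hypothetical model of a server that treats the two settings independently.

```python
# Constructed sample bytes; not captured from the systems in the question.
# SSLv2-format ClientHello: 2-byte length (high bit set), type 0x01, version,
# then cipher-spec, session-id and challenge lengths.
V2_FORMAT_HELLO = bytes.fromhex("802e010301001500000010")
# TLS record: type 0x16, record version, length, then handshake type 0x01,
# 3-byte handshake length and client_version.
TLS_FORMAT_HELLO = bytes.fromhex("16030100310100002d0301")

NAMES = {(2, 0): "SSLv2", (3, 0): "SSLv3", (3, 1): "TLSv1.0",
         (3, 2): "TLSv1.1", (3, 3): "TLSv1.2"}


def classify_client_hello(data):
    """Return (framing, offered_version) from the first bytes a client sends."""
    if len(data) >= 5 and data[0] & 0x80 and data[2] == 0x01:
        return "SSLv2Hello", (data[3], data[4])
    if len(data) >= 11 and data[0] == 0x16 and data[5] == 0x01:
        return "TLS", (data[9], data[10])
    return "unknown", None


def evaluate(data, allow_v2_hello, min_version=(3, 1)):
    """Hypothetical server policy (an assumption, not WebLogic behaviour):
    hello framing and minimum protocol version are checked separately."""
    framing, offered = classify_client_hello(data)
    if framing == "unknown":
        return "reject: not a ClientHello"
    if framing == "SSLv2Hello" and not allow_v2_hello:
        return "reject: SSLv2Hello framing disabled"
    if offered < min_version:
        return "reject: client offers only " + NAMES.get(offered, str(offered))
    return "accept: client offers up to " + NAMES.get(offered, str(offered))


if __name__ == "__main__":
    samples = (("v2-format", V2_FORMAT_HELLO), ("TLS-format", TLS_FORMAT_HELLO))
    for label, hello in samples:
        for allow in (False, True):
            print(label, "allow_v2_hello=%s" % allow, "->", evaluate(hello, allow))
```

A client whose first byte has the high bit set and whose third byte is `0x01` is using the SSL 2.0 compatible framing even when the version it offers is TLS 1.0.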

0 Answers