1

We are usng Weblogic 8.1 and administration console suddenly stopped and inaccessible today.

For more than a year we use to access it until today as it is being blocked by these browsers:

  1. Internet Explorer - There is a problem with this website's security certificate. When i click continue, it's not redirecting to the admin console.

  2. Google Chrome - SSL server probably obsolete. ERR_SSL_FALLBACK_BEYOND_MINIMUM_VERSION

  3. Firefox - Secure Connection Failed An error occurred during a connection to 192.168.0.18:17050. Cannot communicate securely with peer: no common encryption algorithm(s). (Error code: ssl_error_no_cypher_overlap)

Ruelos Joel
  • 2,209
  • 3
  • 19
  • 33
  • This is probably still Java 5 right ? I think WL 10 still requires Java 5 as I recall. First try upgrade your Java version to the latest you can get working with 8.1. – rjdkolb Dec 15 '15 at 08:06
  • You can also try install the Java Cryptography Extension (JCE) Unlimited Strength for your Java version. http://www.oracle.com/technetwork/java/javasebusiness/downloads/java-archive-downloads-java-plat-419418.html#jce_policy-1.5.0-oth-JPR – rjdkolb Dec 15 '15 at 08:08
  • We are using the jrockit built in runtime from weblogic 8.1, this is equivalent to java 1.4. We can't instantly migrate the system to a higher runtime version as it is already in production. This is actually a legacy framework btw. – Ruelos Joel Dec 15 '15 at 08:15
  • can you try install the JCE Unlimited Strength for JRocket ? https://docs.oracle.com/cd/E13205_01/wcp/wng10/userguide/installation.html – rjdkolb Dec 15 '15 at 08:20

2 Answers2

0

You are running a very old version of JRocket Java equivalent to 1.4. There is a SSL protocol mismatch between your modern browsers and Weblogic's JRocket.

My best guess is to install the JRocket Java Cryptography Extension (JCE) Unlimited Strength files into your JRocket to boost the cipher list.

nmap has a ssl-enum-ciphers that will be able to print out the list of ciphers avialable before and after you install the Unlimited Strength files. See answer.

Community
  • 1
  • 1
rjdkolb
  • 10,377
  • 11
  • 69
  • 89
0

As an alternative and very ugly solution in Firefox.

Try this.

Enable support for 40-bit RSA encryption in the Firefox Browser:

  • enter 'about:config' in Browser Address bar
  • find/select
  • "security.ssl3.rsa_rc4_40_md5" set boolean to TRUE

Or this.

  • Open a new tab in Firefox and type “about:config” in the URL bar
  • You would get a warning dialog box, click Promise to be careful and move on
  • In the search bar, enter the following security.tls.version
  • First, right-click on the setting “security.tls.version.fallback-limit” and select modify. You’re going to change the “1” to “0”. Then do the same thing with “security.tls.version.min”, changing the “1” to “0”.
rjdkolb
  • 10,377
  • 11
  • 69
  • 89