The issue described below affects the following SOA/WebLogic versions:
- Oracle SOA Suite - Version 11.1.1.6.0 to 11.1.1.9.0 [Release 11gR1 to 11g]
- Oracle WebLogic Server - Version 10.3.6 and later
When making an outbound connection using TLS 1.2 from SOA 11.1.1.7 running on WLS 10.3.6/JDK 1.7U80, as per my article here, one gets the error below.
"javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure"
As per the article and the Oracle notes, the startup argument below should enable the TLS 1.2 protocol for outbound connections. It enables TLS 1.0 through TLS 1.2 for outbound connections made from the server.
-Dhttps.protocols="TLSv1,TLSv1.1,TLSv1.2"
However, there is a bug that the system will run into in most cases: bug 22612527 may cause the JVM to ignore the above flag.
How do we solve this?
Option A:
Install Patch 22612527 (please note: Patch 13866584 is required before installing 22612527).
After installing the patch, add -Dhttps.protocols="TLSv1.2" to the SOA JVM startup arguments and test whether the issue is gone. This approach is recommended if you do not want to upgrade the JDK and retest the code.
Option B:
Upgrade Java to version 1.8 or 1.7 131 b12 (or greater); both of these versions use TLSv1.2 by default.
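To confirm what the JDK itself does before and after either option, the following diagnostic can be run with the same java binary the SOA server uses. It is an added example, not part of the original article or of any Oracle tooling; the class name TlsCheck is hypothetical, and applying https.protocols to a plain SSLSocket is this example's own assumption to imitate what the flag asks for. It runs outside WebLogic, so it checks the JDK defaults and the remote endpoint, not whether bug 22612527 is fixed inside the server.

```java
import java.util.Arrays;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLException;
import javax.net.ssl.SSLSocket;

// Added diagnostic (hypothetical class name). Java 7 compatible.
// Usage: java -Dhttps.protocols="TLSv1.2" TlsCheck [host [port]]
public class TlsCheck {
    public static void main(String[] args) throws Exception {
        String prop = System.getProperty("https.protocols");
        System.out.println("java.version    = " + System.getProperty("java.version"));
        System.out.println("https.protocols = " + prop);

        // What the JDK can speak vs. what a client socket offers by default.
        SSLContext ctx = SSLContext.getDefault();
        String[] supported = ctx.getSupportedSSLParameters().getProtocols();
        String[] enabled = ctx.getDefaultSSLParameters().getProtocols();
        System.out.println("supported       = " + Arrays.toString(supported));
        System.out.println("client default  = " + Arrays.toString(enabled));
        System.out.println("TLSv1.2 enabled by default: "
                + Arrays.asList(enabled).contains("TLSv1.2"));

        if (args.length == 0) {
            return; // no host given: report JDK settings only, no network needed
        }
        String host = args[0];
        int port = args.length > 1 ? Integer.parseInt(args[1]) : 443;

        SSLSocket s = (SSLSocket) ctx.getSocketFactory().createSocket(host, port);
        try {
            // Assumption of this example: mirror the flag onto the raw socket,
            // since https.protocols is only read by the HTTPS URL handler.
            if (prop != null && prop.trim().length() > 0) {
                s.setEnabledProtocols(prop.trim().split("\\s*,\\s*"));
            }
            s.startHandshake();
            System.out.println("negotiated      = " + s.getSession().getProtocol());
        } catch (SSLException e) {
            // Same failure class as the handshake_failure alert shown above.
            System.out.println("handshake failed: " + e);
        } finally {
            s.close();
        }
    }
}
```

If "client default" lacks TLSv1.2 and the handshake against a TLS 1.2-only endpoint fails without the flag but succeeds with it, the JDK needs the flag (Option A) or an upgrade (Option B).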
Voila, you just solved a critical issue and turned your integration server into a more secure system! Please let me know in the comment section if this article helped you in any way.
Happy Learning ...
Soumya Mishra
This is very important and informative blog, thanks for good info Oracle SOA Online Training Bangalore