Enable SSL

Due to the complexity in setting up SSL it is not enabled by default during installation. Communications between the browser and the application servers should be restricted to SSL.

Note:

For instructions on enabling SSL, see the Oracle WebLogic Server 12c guidelines or Enable SSL (for middle tier).

You must start the Oracle WebLogic Server with a parameter to exclude SSL 2.0 and/or SSL 3.0 to in order to mitigate the SSL V3.0 "Poodle" Vulnerability, CVE-2014-3566. For more information, see How to Change SSL/TLS Protocols in Oracle WebLogic Server - Disable SSL 2.0/3.0 and Enable TLS 1.x Options (Doc ID 2162789.1) on My Oracle Support (https://support.oracle.com). Oracle recommends that you disable the insecure SSL and TLS protocols, such as SSLv1, SSLv2, SSLv3, and TLSv1.0 and below.