We are going through some security audits, and one of the things that we had failed on was an SSL test on our OBIEE server. The issue was that by default, Weblogic was allowing SSLv2 and weak ciphers, something out security team doesn't like.
The solution took me some googleing, but I found the change and it was quite simple. Essentially we had to add a simple command line argument to our bi_server startup script:
-Dweblogic.security.SSL.protocolVersion=SSL3 -Dweblogic.security.disableNullCipher=true
That resolved it, and now we are passing the SSL check.
For reference on how we setup SSL for OBIEE in Weblogic on the appserver, check out the previous blog post.
