EM 12c: Configure Enterprise Manager 12c Cloud Control to Accept Connections with TLSv1.0 Protocol

(Doc ID 1602983.1)

Last updated on DECEMBER 27, 2017

Applies to:

Enterprise Manager Base Platform - Version 12.1.0.1.0 and later
Information in this document applies to any platform.

Goal

Enterprise Manager Cloud Control can use either the http or https protocol for communication between

1) Browser clients and OMS
2) OMS and Agent

When https is used for communication, the client and server can negotiate to use a particular SSL protocol version such as SSLv2, SSLv3, TLSv1 for the communication. By default, the OMS server does not accept connections using SSLv2 but accepts SSL connections using SSLv3 or TLSv1, as negotiated during the SSL handshake with the client.

This document provides the steps for configuring the OMS,Agent and WLS in EM 12c setup to accept connections only using TLSv1.0 protocol, which is the highest supported protocol with EM 12c.

Configuring TLSv1 only mode is also required to overcome POODLE Vulnerability

Note : For TLS versions 1.1 and 1.2, JDK 7 is needed. However EM 12.1.0.x has been certified only with JDK 6 and not with JDK 7. Using TLS 1.1 & 1.2 is supported with EM 13c, which uses JDK 7.
Details are in:
<Note 2212006.1> : EM 13c: Enterprise Manager 13c Cloud Control Configuration with Specific Transport Layer Security Protocol:TLSv1.0,TLSv1.1,TLSv1.2

 

Solution

Sign In with your My Oracle Support account

Don't have a My Oracle Support account? Click to get started

My Oracle Support provides customers with access to over a
Million Knowledge Articles and hundreds of Community platforms