My Oracle Support Banner

13c: How to Disable Weak SSLCipherSuites in Enterprise Manager 13c Cloud Control (Doc ID 2138391.1)

Last updated on MARCH 02, 2020

Applies to:

Enterprise Manager Base Platform - Version 13.1.0.0.0 and later
Information in this document applies to any platform.

Goal

This document explains steps to disable weak SSLCipherSuites used by the EM 13c OMS, Agent and WLS.
This procedure is useful if a security policy determines usage of only the strong cipher suites for the communication between the OMS and Agent, for EM Console access or if a security scan reports a Weak CBC Mode Vulnerability for EM components.

If you want to disable the weak cipher suites to address any security exposure, then check the information listed below:

1. Collect the scan report and note the port number on which the exposure is reported.
2. Check the EM process running on that port, by referring to port numbers in <EM INSTANCE HOME>/em/EMGC_OMS1/emgc.properties file.
3. Follow the solution provided in this document for respective process or application.
For EM 12c,follow <Note1477287.1> EM 12c:How to Disable Weak SSLCipherSuites Used by Enterprise Manager Cloud Control

4.The following variable paths are used in this note:

<EM_INSTANCE_BASE> = Base Location where EM OMS is installed
<MIDDLEWARE HOME> = <EM_INSTANCE_BASE>/middleware
<OMS_HOME> = <MIDDLEWARE HOME>/bin
<GCDOMAIN HOME> = <EM_INSTANCE_BASE>/gc_inst/user_projects/domains/GCDomain/

Solution

To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!


In this Document
Goal
Solution
 Pre-Requisistes
 OMS(OHS component of OMS)
 Agent
 WLS(WLS in OMS)
 OHS Admin Port(Default port:9999)
 Verification
References

My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.