EM 24ai: How to Disable Weak SSLCipherSuites in Enterprise Manager
(Doc ID 3069589.1)
Last updated on FEBRUARY 18, 2025
Applies to:
Enterprise Manager Base Platform - Version 24.1.0.0.0 and later Information in this document applies to any platform.
Goal
This document explains steps to disable weak SSLCipherSuites used by the EM 24.1 OMS, Agent and WLS. This procedure is useful if a security policy determines usage of only the strong cipher suites for the communication between the OMS and Agent, for EM Console access or if a security scan reports a Weak CBC Mode Vulnerability for EM components.
If you want to disable the weak cipher suites to address any security exposure, then check the information listed below:
1. Collect the scan report and note the port number on which the exposure is reported.
2. Check the EM process running on that port, by referring to port numbers in <EM INSTANCE HOME>/em/EMGC_OMS1/emgc.properties file.
3. For EM version 13.1 to 13.3, refer to document below 13c: How to Disable Weak SSLCipherSuites in Enterprise Manager 13c Cloud Control (<Note 2138391.1>)
4. For EM version 13.4 & 13.5, refer to document below 13.4 & 13.5 : How to Disable Weak SSLCipherSuites in Enterprise Manager 13.4/13.5 Cloud Control (<Note 2663483.1>)
5. The following variable paths are used in this note:
<EM_BASE> = Base Location where EM OMS is installed <OMS HOME> = <EM_BASE>/oms_home <EXT_OMS_HOME> = <EM_BASE>/ext_oms_home <OMS_INSTANCE_HOME>=<EM_BASE>/gc_inst <GCDOMAIN HOME> = <EM_INSTANCE_BASE>/gc_inst/user_projects/domains/GCDomain/ <EMEXTDOMAIN HOME> = <EM_INSTANCE_BASE>/gc_inst/user_projects/domains/EMExtDomain1
Solution
To view full details, sign in with your My Oracle Support account.
Don't have a My Oracle Support account? Click to get started!
