My Oracle Support Banner

Is SSLHonorCipherOrder and TLS 1.1/1.2 Supported for Oracle HTTP Server (Doc ID 1485047.1)

Last updated on JULY 25, 2022

Applies to:

Web Cache - Version and later
Oracle Security Service - Version and later
Oracle HTTP Server - Version and later
Oracle Fusion Middleware - Version and later
Information in this document applies to any platform.



This document covers two issues because the question is about the support of SSLHonorCipherOrder and/or TLS 1.1 and 1.2. It is a popular request to check/configure these at the same time. SSLHonorCipherOrder requires newer protocols and OHS versions and earlier only support up to TLS 1.0. Overall, it is recommended to be on a supported version with Critically Patch Updates applied. Newer industry standards are implemented on newer OHS versions. This document outlines the history during a transitional period when the industry changed to newer SSL protocols and ciphers. 


As a security best practice, an administrator can choose to only allow newer/stronger SSL protocols and ciphers with the SSLProtocol and SSLCipherSuite directives. When choosing a cipher during an SSL handshake, normally the client's preference is used. If an SSLHonorCipherOrder directive is enabled, the server's preference will be used instead, allowing an administrator even more control over security. SSLHonorCipherOrder is an Apache directive which allows more control to an administrator.  The directive is available in Apache 2.1 and later, (if using OpenSSL 0.9.7 or later), as provided at the web site:

When configuring this in the Oracle HTTP Server ssl.conf file, the Oracle HTTP Server fails to start saying it is not a valid directive.


TLS 1.1 and TLS 1.2

SSLHonorCipherOrder directive is more desirable when the older SSL 3.0 or TLS 1.0 protocols are used. Many administrators prefer to configure TLS 1.1 and 1.2.


To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!

In this Document
 TLS 1.1 and TLS 1.2
 Support for SSLHonorCipherOrder
 Support for TLS 1.1 and 1.2
 Configurable Options Available
 SSL Protocols
 SSL Ciphers
 Oracle Web Cache

My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.