New SSL Protocol and Cipher Options for Oracle Fusion Middleware's OPMN/ONS Component
Last updated on MAY 16, 2018
Applies to:Oracle Fusion Middleware - Version 10.1.3.0.0 to 10.1.3.5.0 [Release AS10gR3]
Oracle Fusion Middleware - Version 18.104.22.168.0 to 22.214.171.124.0 [Release Oracle11g]
Information in this document applies to any platform.
- Oracle Fusion Middleware 11g Release 2 (11.1.2) is covered with the minimum version of 126.96.36.199
- Oracle Fusion Middleware 11g Release 1 (11.1.1) is covered with the minimum version of 188.8.131.52
- Oracle Application Server 10g Release 3 (10.1.3) is covered with the minimum version of 10.1.3.5
- Oracle Application Server 10g Release 2 (10.1.2) including Identity Management (10.1.4) is out of support and will not be covered in this document.
How to Edit SSL Protocol and Ciphers Used in OPMN/ONS
While using Oracle Fusion Middleware 10g or 11g, it may be noted that after starting OPMN (opmnctl start or startall), there is SSL communication on the opmn.xml configured remote port (default 6701), where the ciphers used are older and considered weak by today's standards. This document provides a method to update the default ciphers and offers an ability to modify both the protocol and cipher attributes to a custom setting.
Reference original Oracle Documentation which does not provide SSL protocol and cipher options:
Oracle Fusion Middleware Oracle Process Manager and Notification Server Administrator's Guide Release 11g (11.1.1)
Update: Oracle recommends disabling SSL 3.0 (SSLv3) by only using TLS option
<Note 1936300.1> How to Change SSL Protocols (to Disable SSL 3.0) in Oracle Fusion Middleware Products
See respective sections for 10g and 11g below:
Sign In with your My Oracle Support account
Don't have a My Oracle Support account? Click to get started
My Oracle Support provides customers with access to over a
Million Knowledge Articles and hundreds of Community platforms