New SSL Protocol and Cipher Options for Oracle Fusion Middleware 10.1.3.5/11.1.1.7 OPMN/ONS Component (Doc ID 1905314.1)

Last updated on OCTOBER 09, 2023

Applies to:

Oracle Fusion Middleware - Version 11.1.1.2.0 to 11.1.1.7.0 [Release Oracle11g]
Oracle Fusion Middleware - Version 10.1.3.0.0 to 10.1.3.5.0 [Release AS10gR3]
Information in this document applies to any platform.
- Oracle Fusion Middleware 11g Release 2 (11.1.2) is covered with the minimum version of 11.1.2.2
- Oracle Fusion Middleware 11g Release 1 (11.1.1) is covered with the minimum version of 11.1.1.7
- Oracle Application Server 10g Release 3 (10.1.3) is covered with the minimum version of 10.1.3.5
- Oracle Application Server 10g Release 2 (10.1.2) including Identity Management (10.1.4) is out of support and will not be covered in this document.
**** For 11.1.1.9, see SSL Configuration Required to Secure OPMN 11.1.1.9 After Applying Security Patch Updates ****

Goal

How to Edit SSL Protocol and Ciphers Used in OPMN/ONS

While using Oracle Fusion Middleware 10g or 11g, it may be noted that after starting OPMN (opmnctl start or startall), there is SSL communication on the opmn.xml configured remote port (default 6701), where the ciphers used are older and considered weak by today's standards. This document provides a method to update the default ciphers and offers an ability to modify both the protocol and cipher attributes to a custom setting.

Reference original Oracle Documentation which does not provide SSL protocol and cipher options:

Oracle Fusion Middleware Oracle Process Manager and Notification Server Administrator's Guide Release 11g (11.1.1)
http://docs.oracle.com/cd/E28280_01/doc.1111/e14007/toc.htm

Update: Oracle recommends disabling SSL 3.0 (SSLv3) by only using TLS option

Reference: http://www.oracle.com/technetwork/topics/security/poodlecve-2014-3566-2339408.html
and
<Note 1936300.1> How to Change SSL Protocols (to Disable SSL 3.0) in Oracle Fusion Middleware Products

See respective sections for 10g and 11g below: