New SSL Protocol and Cipher Options for Oracle Fusion Middleware's OPMN/ONS Component
(Doc ID 1905314.1)
Last updated on JANUARY 31, 2019
Applies to:Oracle Fusion Middleware - Version 22.214.171.124.0 to 126.96.36.199.0 [Release Oracle11g]
Oracle Fusion Middleware - Version 10.1.3.0.0 to 10.1.3.5.0 [Release AS10gR3]
Information in this document applies to any platform.
- Oracle Fusion Middleware 11g Release 2 (11.1.2) is covered with the minimum version of 188.8.131.52
- Oracle Fusion Middleware 11g Release 1 (11.1.1) is covered with the minimum version of 184.108.40.206
- Oracle Application Server 10g Release 3 (10.1.3) is covered with the minimum version of 10.1.3.5
- Oracle Application Server 10g Release 2 (10.1.2) including Identity Management (10.1.4) is out of support and will not be covered in this document.
How to Edit SSL Protocol and Ciphers Used in OPMN/ONS
While using Oracle Fusion Middleware 10g or 11g, it may be noted that after starting OPMN (opmnctl start or startall), there is SSL communication on the opmn.xml configured remote port (default 6701), where the ciphers used are older and considered weak by today's standards. This document provides a method to update the default ciphers and offers an ability to modify both the protocol and cipher attributes to a custom setting.
Reference original Oracle Documentation which does not provide SSL protocol and cipher options:
Oracle Fusion Middleware Oracle Process Manager and Notification Server Administrator's Guide Release 11g (11.1.1)
Update: Oracle recommends disabling SSL 3.0 (SSLv3) by only using TLS option
<Note 1936300.1> How to Change SSL Protocols (to Disable SSL 3.0) in Oracle Fusion Middleware Products
See respective sections for 10g and 11g below:
To view full details, sign in with your My Oracle Support account.
Don't have a My Oracle Support account? Click to get started!
In this Document
|How to Edit SSL Protocol and Ciphers Used in OPMN/ONS|
|Patch Required to Update SSL Protocol and Cipher for Oracle Fusion Middleware 11g OPMN/ONS (220.127.116.11)|
|Patch Required to Update SSL Protocol and Cipher for Oracle Fusion Middleware 10g OPMN/ONS (10.1.3.5)|
|OPMN Default and Configurable Options for Protocols and Ciphers|
|Example in opmn.xml File|
|Other Compatible Patching and Configuration|
|FIPS Consideration - If You Enable FIPS 140-2|