My Oracle Support Banner

How To Configure Which SSL Ciphers and Protocols are Used by Coherence (Doc ID 1936944.1)

Last updated on MAY 06, 2024

Applies to:

Oracle Coherence - Version 3.6.1 and later
Information in this document applies to any platform.

Goal

Can a Coherence SSL provider be configured to only use specific ciphers?

Prior to releases 12.1.2.0.4 and 12.1.3.0.1 it was only possible to use an undocumented feature to specify a list of enabled ciphers, this is allowed-listing.  Blocked-listing is providing a list of options that must be disabled.  If only a small number of options need to be avoided the ability to blocked-list them is typically simpler than configuring all the options that are allowed.

Prior to 12.1.2.0.4 and 12.1.3.0.1 the use of blocked lists for cipher-suites is not supported. And support for specifying protocol versions, in allowed or blocked list form, is only supported in 12.1.2.0.4 and 12.1.3.0.1 and later.

In 12.1.2.0.4 and 12.1.3.0.1 and later, both allowed-listing and blocked-listing of both protocols and ciphers are supported, and are documented in each release's documentation, for example: SSL Element Operational Configuration Reference.

In addition, with Java 7 is it possible to disable cryptographic algorithms, see the Java 7 Security Enhancements for details on this alternative which requires no Coherence specific changes.

Finally, if the goal is to disable the use of SSLv3, then please also refer to <Note: 1965582.1>, "How to disable SSL 3.0 in Oracle Coherence".
 

Solution

To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!


In this Document
Goal
Solution
 Releases Prior to 12.1.2.0.4 and 12.1.3.0.1
  Releases post 12.1.2.0.4 and 12.1.3.0.1
References


My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.