How To Configure Which SSL Ciphers and Protocols are Used by Coherence

(Doc ID 1936944.1)

Last updated on JANUARY 16, 2018

Applies to:

Oracle Coherence - Version 3.6.1 and later
Information in this document applies to any platform.


Can a Coherence SSL provider be configured to only use specific ciphers?

Prior to releases and it was only possible to use an undocumented feature to specify a list of enabled ciphers, this is white-listing.  Black-listing is providing a list of options that must be disabled.  If only a small number of options need to be avoided the ability to black-list them is typically simpler than configuring all the options that are allowed.

Prior to and the use of black lists for cipher-suites is not supported. And support for specifying protocol versions, in white or black list form, is only supported in and and later.

In and and later, both white-listing and black-listing of both protocols and ciphers are supported, and are documented in each release's documentation, for example: SSL Element Operational Configuration Reference.

In addition, with Java 7 is it possible to disable cryptographic algorithms, see the Java 7 Security Enhancements for details on this alternative which requires no Coherence specific changes.

Finally, if the goal is to disable the use of SSLv3, then please also refer to <Note: 1965582.1>, "How to disable SSL 3.0 in Oracle Coherence".


Sign In with your My Oracle Support account

Don't have a My Oracle Support account? Click to get started

My Oracle Support provides customers with access to over a
Million Knowledge Articles and hundreds of Community platforms