OID 11g / 12c : How to Change OID 12c or 11g 11.1.1.9 orclcryptoversion for TLS/SSL Protocols ?
(Doc ID 2051840.1)
Last updated on FEBRUARY 28, 2023
Applies to:
Oracle Internet Directory - Version 11.1.1.9.0 and laterInformation in this document applies to any platform.
Goal
How to Change OID 12c or 11g 11.1.1.9 orclcryptoversion for TLS/SSL Protocols
OID 11.1.1.9: Background on what is orclcryptoversion:
==================================
Oracle Internet Directory supports the following TLS/SSL protocols:
SSLv3
TLSv1
Oracle Internet Directory does not support SSLv2.
TLSv1 can use all of the cipher suites listed in Table 27-1 . per the below OID Admin Document link. SSLv3 and SSLv3 with SSLv2 Hello can use the first 10 cipher suites listed in Table 27-1 of below doc link,
They cannot use the AES ciphers.SL_RSA_WITH_AES_128_CBC_SHA or SSL_RSA_WITH_AES_256_CBC_SHA.
OID 11.1.1.9 Supported Protocol Versions
From 11g (11.1.1.9) onward, you can specify the SSL/TLS version using the orclcryptoversion attribute.
The orclcryptoversion attribute allows you to enable more than one protocol by specifying the corresponding value and populating the attribute.
Table 27-2 lists the protocol mapping with its corresponding value in above OID Admin Document link.
Challenge: The above document talks about orclcryptoversion , but not mentions on how to modify it in OID. However, we cannot locate any documentation on where to set it and it does not appear as an option on existing oid instances. Where can this be defined?
This Article answers this query.
Solution
To view full details, sign in with your My Oracle Support account. |
|
Don't have a My Oracle Support account? Click to get started! |
In this Document
| Goal |
| OID 11.1.1.9 Supported Protocol Versions |
| Solution |
| References |