Proactively Updating SSL Protocols, Ciphers, and Certificates for Oracle Fusion Middleware - WLS/OHS/WebCache
(Doc ID 2131521.1)
Last updated on FEBRUARY 08, 2024
Applies to:
Web Cache - Version 11.1.1.2.0 and later
Oracle WebLogic Server - Version 10.3.2 and later
Oracle Fusion Middleware - Version 11.1.1.2.0 and later
Oracle HTTP Server - Version 11.1.1.2.0 and later
Information in this document applies to any platform.
Goal
Overview
This document outlines the steps to take when a security scan detects that an older SSL configuration is in place, or when you are proactively updating your configuration for SSL protocols, ciphers, or certificates.
Vulnerability FAQ and Security Scan Reports
In general, Oracle cannot comment on, validate, or act on a third-party security scan that reports a vulnerability in your installed Oracle Fusion Middleware products. It is important to review the "3. Scan Reports" section of "Note 1074055.1 Security Vulnerability FAQ for Oracle Database and Fusion Middleware Product".
Verify with the scan vendor, but some reports are actually looking for a newer SSL configuration and report it generically, like the following:
SSL/TLS Server Factoring RSA Export Keys
SSL/TLS use of weak RC4 cipher
SSL Server Supports Weak Encryption Vulnerability
SSL/TLS server supports key exchanges that are cryptographically weaker than recommended
Solution