Configure Specific Cipher Suites for OPAM SSL Server using WLST Command Line

(Doc ID 2310876.1)

Last updated on NOVEMBER 22, 2017

Applies to:

Oracle Privileged Account Manager - Version 11.1.2.3.0 and later
Information in this document applies to any platform.

Goal

Customer wants to Configure Specific Cipher Suites for OPAM SSL Server using WLST Command Line.

Customer needs to disable DES/3DES and lower cryptography standards that uses CBC 64 bit block size that are vulnerable to collision attack.

Customer implemented this using java.security - However they are still able to use DES:3DES in connecting to SSL Port of OPAM Weblogic Server.

EXPECTED BEHAVIOR
-----------------------
Customer must not be able to perform SSL handshake using DES:3DES.

STEPS
-----------------------
The issue can be reproduced at will with the following steps:
1. Configure OPAM Weblogic Server with java.security as shown below
2. connect to SSL port using OpenSSL with DES:3DES as cipher

 

Solution

Sign In with your My Oracle Support account

Don't have a My Oracle Support account? Click to get started

My Oracle Support provides customers with access to over a
Million Knowledge Articles and hundreds of Community platforms