OUD 11g / 12c - How to Review the Default Cipher Suites and Re-Configure Using Non-Default Cipher Suites
(Doc ID 2312420.1)
Last updated on AUGUST 27, 2021
Applies to:
Oracle Unified Directory - Version 11.1.2.3.0 and laterInformation in this document applies to any platform.
Goal
Need to change the cipher suites configured in OUD
For example - After use of Oracle DataRaker for OUD, to scan release version deployed on production, some suggestions were provided about changing the cipher suites configuration to disable DES/3DES
OUD can act as a server or client depending on its implementation.
This article goes over the different areas of the configuration where cipher suites can be configured (which differs between 11g and 12c), and the default cipher suites for OUD 11g and 12c.
Note:
OUD system default protocols -
TLSv1.2 or TLSv1.1 protocol versions
OUD system default ciphers -
For 12c -
System default cipher suites in a specific preference order, i.e.,
default enabled ciphers + JVM enabled ciphers - default disabled ciphers
For 12c -
“jvm” cipher suite flag:
Represents OUD System default cipher suites. Can be configured on server side (as value for any “ssl-cipher-suite” property) as well as CLI tools. Currently used only for EUS integration.
OUD system default protocols -
TLSv1.2 or TLSv1.1 protocol versions
OUD system default ciphers -
For 12c -
System default cipher suites in a specific preference order, i.e.,
default enabled ciphers + JVM enabled ciphers - default disabled ciphers
For 12c -
“jvm” cipher suite flag:
Represents OUD System default cipher suites. Can be configured on server side (as value for any “ssl-cipher-suite” property) as well as CLI tools. Currently used only for EUS integration.
Solution
To view full details, sign in with your My Oracle Support account. |
|
Don't have a My Oracle Support account? Click to get started! |
In this Document
| Goal |
| Solution |
OUD 11g Cipher Suite - Server Configuration |
| Example - Using the 'dsconfig' Command to List the Connection Handlers and Display the LDAPS Connection Handler Configuration / Configured Cipher Suites |
| What are the Default Set of SSL Cipher Suites Provided by the Server's JVM? |
OUD 11g Cipher Suite - Client Configuration |
| Example - Crypto Manager for Replication |
OUD 12c Cipher Suite - Server Configuration |
| Example - OUDSM |
OUD 12c Cipher Suite - Client Configuration |
| Example - LDAP Server Extension Used With OUD Proxy |
| Example - RDBMS Extension Used With OUD Proxy |
| Example - Command Line Interface (CLI) Tools |
Reference URLs |
| References |