OUD 11g / 12c - How To Review the Default Cipher Suites and Re-Configure Using Non-Default Cipher Suites (Doc ID 2312420.1)

Last updated on MAY 17, 2018

Applies to:

Oracle Unified Directory - Version 11.1.2.3.0 and later
Information in this document applies to any platform.

Goal

Need to change the cipher suites configured in OUD

For example - After use of Oracle DataRaker for OUD, to scan release version deployed on production, some suggestions were provided about changing the cipher suites configuration to disable DES/3DES

OUD can act as a server or client depending on its implementation.

This article goes over the different areas of the configuration where cipher suites can be configured (which differs between 11g and 12c), and the default cipher suites for OUD 11g and 12c.

Note:

OUD system default protocols -

TLSv1.2 or TLSv1.1 protocol versions

OUD system default ciphers -

For 12c -
System default cipher suites in a specific preference order, i.e.,
default enabled ciphers + JVM enabled ciphers - default disabled ciphers

For 12c -
“jvm” cipher suite flag:
Represents OUD System default cipher suites. Can be configured on server side (as value for any “ssl-cipher-suite” property) as well as CLI tools. Currently used only for EUS integration.