OUD 11g / 12c - How to Review the Default Cipher Suites and Re-Configure Using the "dsconfig" Command
(Doc ID 2312420.1)
Last updated on MAY 25, 2023
Applies to:
Oracle Unified Directory - Version 11.1.2.3.0 and later
Information in this document applies to any platform.
Goal
The cipher suites configured in OUD need to be changed.
For example, after Oracle DataRaker for OUD was used to scan the release version deployed in production, some suggestions were provided about changing the cipher suite configuration to disable DES/3DES.
OUD can act as a server or client depending on its implementation.
This article goes over the different areas of the configuration where cipher suites can be configured (which differs between 11g and 12c), and the default cipher suites for OUD 11g and 12c.
OUD System Default Protocols
- TLSv1.1
- TLSv1.2 - As of OUD Bundle Patch 11.1.2.3.170718, TLS 1.2 is supported. See OUD BP 11.1.2.3.170718+ - Additional TLS Related Information (Doc ID 2282669.1).
Using the jvm keyword to Add the Protocols and Cipher Suites Configuration in java.security
The jvm keyword can be configured to add the Protocols and Cipher Suites configuration in java.security, as well as to include additional ciphers in the OUD configuration.
In OUD 12c, the jvm keyword represents the OUD System default cipher suites, and can be configured on the server side (as a value for any "ssl-cipher-suite" property) as well as for the CLI tools.
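The following is an added example, not part of the Oracle document or the OUD tooling: a small POSIX shell check that reads "ssl-cipher-suite" values and flags any DES/3DES suite, and notes when the jvm keyword is present so that the system defaults are reviewed as well. The function names and the sample input are constructed for illustration; the layout of real dsconfig output is an assumption, so the parser only looks for suite-name tokens.

```shell
#!/bin/sh
# Added example (not Oracle's code): audit ssl-cipher-suite values for DES/3DES.
# Feed it text that contains the configured suite names, for instance saved
# output of "dsconfig get-connection-handler-prop ... --property ssl-cipher-suite".

# Constructed sample input; the exact layout of real dsconfig output may differ.
SAMPLE='ssl-cipher-suite : jvm, TLS_RSA_WITH_AES_128_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_DES_CBC_SHA'

# One suite name (or the jvm keyword) per line, de-duplicated.
extract_suites() {
  tr ',:\t' '   ' | tr -s ' ' '\n' |
    grep -E '^((TLS|SSL)_[A-Z0-9_]+|jvm)$' | LC_ALL=C sort -u
}

# Suites built on single DES, export DES40 or 3DES.
weak_suites() {
  extract_suites | grep -E '_(DES|DES40|3DES)_' || true
}

# Succeeds when the jvm keyword is among the values.
uses_jvm_keyword() {
  extract_suites | grep -qx 'jvm'
}

# Report findings; exit status 1 when a DES/3DES suite is listed.
audit_cipher_suites() (
  input=$(cat)
  weak=$(printf '%s\n' "$input" | weak_suites)
  if printf '%s\n' "$input" | uses_jvm_keyword; then
    echo "NOTE: jvm keyword set; system default suites also apply and are not listed here"
  fi
  if [ -n "$weak" ]; then
    printf '%s\n' "$weak" | sed 's/^/WEAK: /'
    exit 1
  fi
  echo "OK: no DES/3DES suite listed explicitly"
)

# Demo run on the constructed sample.
printf '%s\n' "$SAMPLE" | audit_cipher_suites || true
```

A clean result only covers suites listed explicitly; when the jvm keyword is in use, the defaults it stands for have to be reviewed separately.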