
OUD 11g / 12c - How to Review the Default Cipher Suites and Re-Configure Using the "dsconfig" Command (Doc ID 2312420.1)

Last updated on MAY 25, 2023

Applies to:

Oracle Unified Directory - Version 11.1.2.3.0 and later
Information in this document applies to any platform.

Goal

The goal is to change the cipher suites configured in OUD.

For example, after Oracle DataRaker for OUD was used to scan the release version deployed on production, some suggestions were provided about changing the cipher suite configuration to disable DES/3DES.

OUD can act as a server or client depending on its implementation.

This article goes over the different areas of the configuration where cipher suites can be configured (which differs between 11g and 12c), and the default cipher suites for OUD 11g and 12c.

OUD System Default Protocols

- TLSv1.1

- TLSv1.2
  As of OUD Bundle Patch 11.1.2.3.170718, TLS 1.2 is supported.
  Reference:
  OUD BP 11.1.2.3.170718+ - Additional TLS Related Information (Doc ID 2282669.1)

- TLSv1.3
  As of OUD Bundle Patch 12.2.1.4.210406, TLS 1.3 is supported using JDK 8u261.
  References:
  New Features and Enhancements in OUD Bundle Patch 12.2.1.4.210406
  OUD - Does Oracle Unified Directory Support TLS 1.3? (Doc ID 2505389.1)

Using the jvm keyword to Add the Protocols and Cipher Suites Configuration in java.security

The jvm keyword can be configured to add the Protocols and Cipher Suites configuration in java.security, as well as including additional ciphers in the OUD Configuration.

In OUD 12c, the jvm keyword represents OUD System default cipher suites, and can be configured on the server side (as a value for any “ssl-cipher-suite” property) as well as CLI tools.

For more information, see:
Configuring JVM Cipher Suite

OUD System Default Ciphers

For 12c, the system default cipher suites are applied in a specific preference order, i.e.,
default enabled ciphers + JVM enabled ciphers - default disabled ciphers

Reference (in this KM doc):

What are the Default Set of SSL Cipher Suites Provided by the Server's JVM?

 

Solution



In this Document
Goal
 OUD System Default Protocols
 Using the jvm keyword to Add the Protocols and Cipher Suites Configuration in java.security
 OUD System Default Ciphers
Solution
 What are the Default Set of SSL Cipher Suites Provided by the Server's JVM?
OUD 11g Cipher Suite - Server Configuration
 Example - List the Connection Handlers and Display the LDAPS Connection Handler Configuration / Configured Cipher Suites
 OUD 11g Cipher Suite - Client Configuration
 Example - Crypto Manager for Replication
OUD 12c Cipher Suite - Server Configuration
 Example - OUDSM
OUD 12c Cipher Suite - Client Configuration
 Example - LDAP Server Extension Used With OUD Proxy
 Example - RDBMS Extension Used With OUD Proxy
 Example - Command Line Interface (CLI) Tools
 = For Tools That are Part of the OUD Instance =
 = For Tools That Are Not Part of the OUD Instance =
Reference URLs
References

