
ODSEE11g - Null SSL Cipher Supported on LDAP Port of Directory Proxy Server (Doc ID 2562991.1)

Last updated on AUGUST 18, 2021

Applies to:

Oracle Directory Server Enterprise Edition - Version 11.1.1.7.181016 and later
Information in this document applies to any platform.

Goal

A customer's vulnerability scanning system detected that null ciphers (e.g. AECDH-NULL-SHA) are supported on ports of the ODSEE Directory Proxy Server.
----Scan Example-----
Null Ciphers (no encryption)

ECDHE-RSA-NULL-SHA Kx=ECDH Au=RSA Enc=None Mac=SHA1
AECDH-NULL-SHA Kx=ECDH Au=None Enc=None Mac=SHA1
----------------

The ciphers that can be used by Directory Proxy Server depend on the Java Virtual Machine (JVM) which is in use.
In this case the DPS uses the default JRE ciphers, which may include and allow the null ciphers.
ie:

The goal of this document is to provide a possible solution that prevents null ciphers from being detected on the DPS side.
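
To see which null or anonymous suites a given JRE exposes, the following added example (not part of the Oracle document and not Oracle's solution) lists the JVM's supported and default-enabled cipher suites and flags the weak ones. It assumes it is run with the same JRE that DPS uses; the class name NullCipherAudit is hypothetical, and the output reflects JVM defaults only, not any cipher settings configured in DPS itself.

```java
import java.security.Security;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.LinkedHashSet;
import java.util.List;
import java.util.Set;
import javax.net.ssl.SSLContext;

// Added example: audits the cipher suites of the JRE it is run with.
public class NullCipherAudit {

    // JSSE naming: "_WITH_NULL_" means no encryption (Enc=None in the scan),
    // "_anon_" means no authentication (Au=None in the scan).
    static boolean isWeak(String suite) {
        return suite.contains("_WITH_NULL_") || suite.contains("_anon_");
    }

    static List<String> weakOnly(String[] suites) {
        List<String> out = new ArrayList<>();
        for (String s : suites) {
            if (isWeak(s)) {
                out.add(s);
            }
        }
        return out;
    }

    public static void main(String[] args) throws Exception {
        SSLContext ctx = SSLContext.getDefault();
        // Suites a socket gets when the application sets nothing explicitly.
        Set<String> enabled = new LinkedHashSet<>(
                Arrays.asList(ctx.getDefaultSSLParameters().getCipherSuites()));
        // Suites the JRE can negotiate if an application enables them.
        String[] supported = ctx.getSupportedSSLParameters().getCipherSuites();

        System.out.println("java.version = " + System.getProperty("java.version"));
        System.out.println("jdk.tls.disabledAlgorithms = "
                + Security.getProperty("jdk.tls.disabledAlgorithms"));

        int enabledWeak = 0;
        for (String s : weakOnly(supported)) {
            boolean on = enabled.contains(s);
            if (on) {
                enabledWeak++;
            }
            System.out.println((on ? "ENABLED BY DEFAULT     " : "supported, not default ") + s);
        }
        // A non-zero exit status lets a hardening check or script fail on this JRE.
        System.exit(enabledWeak == 0 ? 0 : 1);
    }
}
```

In JSSE naming, the scanner's AECDH-NULL-SHA corresponds to TLS_ECDH_anon_WITH_NULL_SHA and ECDHE-RSA-NULL-SHA to TLS_ECDHE_RSA_WITH_NULL_SHA.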

Solution
