ODSEE11g - Null SSL Cipher Supported on LDAP Port of Directory Proxy Server
(Doc ID 2562991.1)
Last updated on AUGUST 18, 2021
Applies to: Oracle Directory Server Enterprise Edition - Version 126.96.36.199.181016 and later
Information in this document applies to any platform.
A customer's vulnerability scanning system detected that null ciphers (e.g. AECDH-NULL-SHA) are supported on ports of the ODSEE Directory Proxy Server (DPS).
Null Ciphers (no encryption)
ECDHE-RSA-NULL-SHA Kx=ECDH Au=RSA Enc=None Mac=SHA1
AECDH-NULL-SHA Kx=ECDH Au=None Enc=None Mac=SHA1
The ciphers that can be used by Directory Proxy Server depend on the Java Virtual Machine (JVM) which is in use.
In this case, DPS uses the default JRE ciphers, which may include and allow the null ciphers.
The goal of this document is to provide a possible solution that prevents null ciphers from being detected on the DPS side.
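To see which null-encryption (Enc=None) or anonymous (Au=None) suites the JVM itself exposes, the following added example (not part of the Oracle document) lists them and marks the ones enabled by default; run it with the same JRE that DPS uses. The class name NullCipherAudit is hypothetical, and the program reports JVM defaults only, not the DPS configuration.

```java
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLParameters;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.HashSet;
import java.util.List;
import java.util.Set;

// Hypothetical helper class (not shipped with ODSEE). Written without lambdas
// so it also compiles on older JREs.
public class NullCipherAudit {

    // JSSE suite names contain "_WITH_NULL_" when there is no encryption
    // (Enc=None) and "_anon_" when there is no authentication (Au=None).
    static boolean isWeak(String suite) {
        return suite.contains("_WITH_NULL_") || suite.contains("_anon_");
    }

    // Returns the subset of the given suite names that are null or anonymous.
    static List<String> weakSuites(String[] suites) {
        List<String> out = new ArrayList<String>();
        for (String s : suites) {
            if (isWeak(s)) {
                out.add(s);
            }
        }
        return out;
    }

    public static void main(String[] args) throws Exception {
        SSLContext ctx = SSLContext.getDefault();
        // Suites the JVM turns on when the application does not choose any.
        SSLParameters enabled = ctx.getDefaultSSLParameters();
        // Every suite the JVM could enable if asked to.
        SSLParameters supported = ctx.getSupportedSSLParameters();
        Set<String> enabledSet =
                new HashSet<String>(Arrays.asList(enabled.getCipherSuites()));

        boolean anyEnabled = false;
        for (String s : weakSuites(supported.getCipherSuites())) {
            boolean on = enabledSet.contains(s);
            anyEnabled |= on;
            System.out.printf("%-45s %s%n", s,
                    on ? "ENABLED BY DEFAULT" : "supported, not enabled by default");
        }
        // Non-zero exit status if a null or anonymous suite is on by default.
        System.exit(anyEnabled ? 1 : 0);
    }
}
```

The scanner output above uses OpenSSL-style names; in JSSE naming, ECDHE-RSA-NULL-SHA is TLS_ECDHE_RSA_WITH_NULL_SHA and AECDH-NULL-SHA is TLS_ECDH_anon_WITH_NULL_SHA.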