ODSEE11g - Null SSL Cipher Supported on LDAP Port of Directory Proxy Server
(Doc ID 2562991.1)
Last updated on NOVEMBER 29, 2022
Applies to:
Oracle Directory Server Enterprise Edition - Version 11.1.1.7.181016 and later
Information in this document applies to any platform.
Goal
A customer's vulnerability scanning system detected that null ciphers (e.g. AECDH-NULL-SHA) are supported on ports of the ODSEE Directory Proxy Server (DPS).
----Scan Example-----
Null Ciphers (no encryption)
ECDHE-RSA-NULL-SHA Kx=ECDH Au=RSA Enc=None Mac=SHA1
AECDH-NULL-SHA Kx=ECDH Au=None Enc=None Mac=SHA1
----------------
The ciphers that can be used by Directory Proxy Server depend on the Java Virtual Machine (JVM) which is in use.
In this case the DPS uses the default JRE ciphers which may include and allow the null ciphers.
ie:
The goal of this document is to provide a possible solution that prevents null ciphers from being detected on the DPS side.
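Because the available ciphers depend on the JVM, the JRE's own defaults can be checked directly on the host. The following is an added example, not code from Oracle's document: it lists the null-encryption and anonymous cipher suites the JRE supports and marks those it enables by default. The class name NullCipherAudit is hypothetical, and it is assumed to be run with the same JRE that DPS uses.

```java
import java.security.Security;
import java.util.Arrays;
import java.util.HashSet;
import java.util.Set;
import java.util.TreeSet;
import javax.net.ssl.SSLContext;

// Hypothetical audit class (not part of ODSEE). Plain loops only, so it also
// compiles on older JREs.
public class NullCipherAudit {

    // JSSE names: "_WITH_NULL_" means no encryption (Enc=None in the scan),
    // "_anon_" means no server authentication (Au=None in the scan).
    static String weakness(String suite) {
        boolean noEnc = suite.contains("_WITH_NULL_");
        boolean noAuth = suite.contains("_anon_");
        if (noEnc && noAuth) return "Enc=None Au=None";
        if (noEnc) return "Enc=None";
        if (noAuth) return "Au=None";
        return null; // neither null-encryption nor anonymous
    }

    public static void main(String[] args) throws Exception {
        SSLContext ctx = SSLContext.getDefault();
        Set<String> supported = new TreeSet<String>(
                Arrays.asList(ctx.getSupportedSSLParameters().getCipherSuites()));
        Set<String> enabled = new HashSet<String>(
                Arrays.asList(ctx.getDefaultSSLParameters().getCipherSuites()));

        int enabledWeak = 0;
        for (String suite : supported) {
            String why = weakness(suite);
            if (why == null) continue;
            boolean on = enabled.contains(suite);
            if (on) enabledWeak++;
            System.out.printf("%-45s %-18s %s%n", suite, why,
                    on ? "ENABLED BY DEFAULT" : "supported, off by default");
        }
        // Informational: the JRE-wide TLS restriction list (null if this JRE defines none).
        System.out.println("jdk.tls.disabledAlgorithms = "
                + Security.getProperty("jdk.tls.disabledAlgorithms"));
        // Non-zero exit lets a hardening check fail when a weak suite is on by default.
        System.exit(enabledWeak > 0 ? 1 : 0);
    }
}
```

The scan output uses OpenSSL names: AECDH-NULL-SHA corresponds to the JSSE name TLS_ECDH_anon_WITH_NULL_SHA, and ECDHE-RSA-NULL-SHA to TLS_ECDHE_RSA_WITH_NULL_SHA. The output reflects JRE defaults only, not any cipher settings applied in DPS itself.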
Solution