My Oracle Support Banner

OID11g - How to use TLSv1.0 or TLSv1.1 or TLSv1.2 only in OID environment (to work with DIP, ODSM, EM) after setting orclcryptoversion 28, 24 or 16 (Doc ID 2597481.1)

Last updated on OCTOBER 21, 2020

Applies to:

Oracle Internet Directory - Version 11.1.1.9.0 and later
Information in this document applies to any platform.

Goal

Starting to OID 11.1.1.9.0, is possible to choose what SSL protocol to use with OID by using orclcryptoversion attribute
https://docs.oracle.com/middleware/11119/oid/administer/ssl.htm#CHDIFGGC

For setting OID to only work with more recent and secure SSL protocols as TLSv1.1.& TLSv1.2, orclcryptoversion must be set to 28(TLSv1.0+TLSV1.1+TLSv1.2), 24 (TLSV1.1+TLSv1.2) or 16 (TLSv1.2).
However, although, OID is indeed using requested protocol (i.e. TLSv1.2), DIP and ODSM and accessing OID components through EM may not work and the following effects may be seen:


1. oid1 is down in EM
2. DIP in not able to connect to OID (Quartz Scheduler and MBeans are Down)
3. ODSM is not accessible through SSL port.

Solution

To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!


In this Document
Goal
Solution
References


My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.