My Oracle Support Banner

OAA 12.2.1.4 : How to remove weak SSL Ciphers in OAA with nginx (Doc ID 3027158.1)

Last updated on JUNE 12, 2024

Applies to:

Oracle Advanced Authentication - Version 12.2.1.4 and later
Information in this document applies to any platform.

Symptoms

A test on OAA port to list supported ciphers listed below weak ciphers as supported.

RSA_WITH_AES_128_CBC_SHA
RSA_WITH_AES_256_CBC_SHA
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA

Tool used for testing - java -jar TestSSLServer.jar Master-IP <Ingress-Port>

As per "kubectl get service -n oaans", this port <Ingress-Port> belongs to nginx and this is not OAA related.

Note: nginx.conf  does not list these weak ciphers

Changes

 None

Cause

To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!

In this Document
Symptoms
Changes
Cause
Solution
References


My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.