How to Force >128bit Encryption with Oracle HTTP Server

(Doc ID 827412.1)

Last updated on APRIL 13, 2016

Applies to:

Oracle HTTP Server - Version: 10.1.2.0.0 to 10.1.3.4.0 - Release: AS10gR2 to AS10gR3
Information in this document applies to any platform.

Goal

How to Force >128bit Encryption with Oracle HTTP Server (OHS)?

The aim of this article is to show how to configure OHS to force greater than 128bit encryption if NOT using a Global Server ID. As per <> An Introduction to PKI and SSL, browsers will always negotiate to >128bit encryption, regardless of the Certificate type in the OHS Wallet (i.e Server Certificate or Global Server ID), providing the browser and OHS allow 128bit encryption or higher.
The problem is that out of the box, OHS supports a number of SSL Ciphersuites that also allow connections <128bit. As most businesses are not in control of which clients are connecting to OHS, this means that old browsers, misconfigured browsers, or other SSL clients can connect at <128bit, either intentionally or unintentionally. Businesses need a method to ensure that OHS only allows >128bit connections.

Note: As stated above this note is only applicable when OHS is not configured with a Global Server ID



Solution

Sign In with your My Oracle Support account

Don't have a My Oracle Support account? Click to get started

My Oracle Support provides customers with access to over a
Million Knowledge Articles and hundreds of Community platforms