My Oracle Support Banner

How to Force Greater than 128bit Encryption with Oracle HTTP Server (Doc ID 827412.1)

Last updated on JULY 01, 2024

Applies to:

Oracle HTTP Server - Version 10.1.2.0.0 to 10.1.3.4.0 [Release AS10gR2 to AS10gR3]
Information in this document applies to any platform.

Goal

How to Force greater than 128bit Encryption with Oracle HTTP Server (OHS)?

The aim of this article is to show how to configure OHS to force greater than 128bit encryption if NOT using a Global Server ID. As per <Note 264080.1> An Introduction to PKI and SSL, browsers will always negotiate to >128bit encryption, regardless of the Certificate type in the OHS Wallet (i.e Server Certificate or Global Server ID), providing the browser and OHS allow 128bit encryption or higher.
The problem is that out of the box, OHS supports a number of SSL Ciphersuites that also allow connections <128bit. As most businesses are not in control of which clients are connecting to OHS, this means that old browsers, misconfigured browsers, or other SSL clients can connect at <128bit, either intentionally or unintentionally. Businesses need a method to ensure that OHS only allows >128bit connections.

Note: As stated above this note is only applicable when OHS is not configured with a Global Server ID




Solution

To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!

In this Document
Goal
Solution
References

My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.