Setting SSL Certificate Nickname In PORT_ACCESS Mapping Bypasses ssladjustciphersuites
(Doc ID 2882883.1)
Last updated on FEBRUARY 13, 2023
Applies to:Oracle Communications Messaging Server - Version 8.1.0 and later
Information in this document applies to any platform.
Setting an SSL certificate nickname in PORT_ACCESS mapping bypasses ssladjustciphersuites.
The very last thing in PORT_ACCESS is:
If the same command is performed, except without the -cipher switch, from the same system, it succeeds and shows it is using ECDHE-RSA-AES128-GCM-SHA256. All good.
If that first command is performed from a system which is treated as "external", it succeeds and shows it is using EDH-RSA-DES-CBC3-SHA. This is incorrect.
It is expected that external clients in the PORT_ACCESS mapping table with disabled cipher suites should not be allowed.
In a new configuration, there was a need to set PORT_ACCESS to return a different certificate nickname based on the client IP address.
For connections from internal systems, the normal "Server-Cert" is used.
For connections from external clients, it is desired to use a different certificate, "MXexternalCert".
To view full details, sign in with your My Oracle Support account.
Don't have a My Oracle Support account? Click to get started!