Are Any RSA Ciphers Disabled By Default?
(Doc ID 2915424.1)
Last updated on MARCH 14, 2024
Applies to:
Oracle Communications Messaging Server - Version 8.1.0 and later
Information in this document applies to any platform.
Goal
Are there any RSA ciphers that are disabled by default?
An internal ticket was flagged for security regarding the "ROBOT" vulnerability.
It appears the mitigation for this is to disable "RSA encryption":
From: https://qualys.secure.force.com/articles/How_To/000002963
* Not all servers that support RSA key exchange are vulnerable. But, it is recommended to disable RSA key exchange ciphers as it does not support forward secrecy.
* DH/ECDH ciphers are not vulnerable but Ephemeral DHE/ECDHE are recommended and support Perfect Forward Secrecy.
and from: https://www.robotattack.org
> ... By disabling RSA encryption we mean all ciphers that start with TLS_RSA. It does not include the ciphers that use RSA signatures and include DHE or ECDHE in their name. These ciphers are not affected by our attack.
The following parameter has been set on all systems:
Are these disabled by default? If they are not disabled by default, are there any plans to do so?
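The rule in the two advisories quoted above can be turned into an audit check over a server's enabled cipher list. The following is an added example, not Oracle's code and not part of the original document. It assumes the enabled suites are available as IANA-style names; the `ENABLED` list is constructed sample data, and OpenSSL-style aliases are reported as `other` rather than guessed at.

```python
STATIC_RSA, STATIC_DH, EPHEMERAL, TLS13, OTHER = (
    "static-rsa", "static-dh", "ephemeral", "tls1.3", "other")

# Constructed sample of an enabled-suite list (not taken from any server).
ENABLED = [
    "TLS_AES_256_GCM_SHA384",
    "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
    "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256",
    "TLS_ECDH_RSA_WITH_AES_128_CBC_SHA",
    "TLS_RSA_WITH_AES_128_CBC_SHA",
    "TLS_RSA_WITH_AES_256_GCM_SHA384",
]

def classify(suite):
    """Return the key-exchange class of one IANA cipher-suite name."""
    name = suite.strip().upper()
    if "_WITH_" not in name:
        if name.startswith(("TLS_AES_", "TLS_CHACHA20_")):
            return TLS13   # TLS 1.3: key exchange is always ephemeral
        return OTHER       # SCSV markers, OpenSSL-style aliases, unknown names
    if not name.startswith("TLS_"):
        return OTHER
    kx = name[len("TLS_"):name.index("_WITH_")]
    first = kx.split("_")[0]
    if first == "RSA":
        return STATIC_RSA  # TLS_RSA_*, including RSA_EXPORT and RSA_PSK
    if kx.endswith("_ANON"):
        return OTHER       # anonymous DH/ECDH: unauthenticated, review separately
    if first in ("DHE", "ECDHE"):
        return EPHEMERAL   # RSA here is only the signature algorithm
    if first in ("DH", "ECDH"):
        return STATIC_DH   # not affected by ROBOT, but no forward secrecy
    return OTHER

def audit(enabled):
    """Group suite names by class, preserving input order."""
    report = {}
    for suite in enabled:
        report.setdefault(classify(suite), []).append(suite)
    return report

def suites_to_disable(enabled):
    """Suites the quoted guidance says to disable: RSA key exchange."""
    return [s for s in enabled if classify(s) == STATIC_RSA]

if __name__ == "__main__":
    for kind, suites in audit(ENABLED).items():
        print(f"{kind:11} {', '.join(suites)}")
```

Suites in the `static-dh` class are not covered by the ROBOT guidance, but they lack forward secrecy and are worth reviewing in the same pass.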
Solution