Oracle VM: Disable Weak Arcfour Encryption Algorithms Via The OVM Command-line Interface (CLI)
(Doc ID 2547209.1)
Last updated on JUNE 17, 2020
Applies to:
Oracle VM - Version 3.4.1 and laterLinux x86-64
Symptoms
The Oracle VM CLI has some weak encryption algorithms enabled by default:
- arcfour128
- arcfour256
This can be verified by running:
# nmap --script ssh2-enum-algos -sV -Pn -p 22 localhost
Starting Nmap 5.51 ( <a href="http://nmap.org" alt="Click (or CTRL+Click if using Firefox) to view" title="Click (or CTRL+Click if using Firefox) to view" name="contextTextUrl_1559141497663" target="_blank" data-mce-href="http://nmap.org"><span id="3-92GS9TX1559141497663">http://nmap.org</span></a> ) at 2019-03-29 20:49 +03
Nmap scan report for localhost (127.0.0.1)
Host is up (0.000068s latency).
Other addresses for localhost (not scanned): 127.0.0.1
PORT STATE SERVICE VERSION
10000/tcp open ssh (protocol 2.0)
| ssh2-enum-algos:
| kex_algorithms (6)
| diffie-hellman-group-exchange-sha256
| diffie-hellman-group-exchange-sha1
| ecdh-sha2-nistp256
| ecdh-sha2-nistp384
| ecdh-sha2-nistp521
| diffie-hellman-group1-sha1
| server_host_key_algorithms (1)
| ssh-rsa
| encryption_algorithms (7)
| aes128-ctr
| aes192-ctr
| aes256-ctr
| arcfour128
| arcfour256
| aes192-cbc
| aes256-cbc
| mac_algorithms (6)
| hmac-sha2-256
| hmac-sha2-512
| hmac-sha1
| hmac-md5
| hmac-sha1-96
| hmac-md5-96
| compression_algorithms (1)
|_ none
Cause
To view full details, sign in with your My Oracle Support account. |
|
Don't have a My Oracle Support account? Click to get started! |
In this Document
| Symptoms |
| Cause |
| Solution |
| Workaround |
| Remedy |
| References |