E-SSL: How to Enforce Strong SSL/TLS Key Exchange Using Diffie-Hellman? (Doc ID 2950744.1)

Last updated on MARCH 15, 2024

Applies to:

PeopleSoft Enterprise PT PeopleTools - Version 8.59 and later
Information in this document applies to any platform.

Symptoms

Executing the openssl command below against the WebLogic PIA domain returns a "Server Temp Key" of 1024 bits, although the "Server public key" is shown as 2048 bits. The "Server Temp Key" is the ephemeral Diffie-Hellman key the server uses for the key exchange, so this means that PIA is not using strong ciphers.

The example below was performed using a DigiCert certificate to demonstrate:


$ openssl s_client -cipher DHE-RSA-AES256-GCM-SHA384 -tls1_2 -connect <IP ADDRESS>:<PORT>

 

Results returned:


CONNECTED(00000003)
depth=2 C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert Global Root CA
verify return:1
depth=1 C = US, O = DigiCert Inc, CN = DigiCert TLS RSA SHA256 2020 CA1
verify return:1
depth=0 C = US, ST = <STATE>, L = <CITY>, O = <COMPANY>, CN = <HOST NAME>
verify return:1

Server certificate
-----BEGIN CERTIFICATE-----
.........etc
.
.........etc
-----END CERTIFICATE-----
subject=/C=US/ST=*****/L=******/O=<COMPANY>/CN=<HOST NAME>
issuer=/C=US/O=DigiCert Inc/CN=DigiCert TLS RSA SHA256 2020 CA1
---
No client certificate CA names sent
Peer signing digest: SHA512
Server Temp Key: DH, 1024 bits
---
.............etc
---
.............etc

---
read:errno=0

 

How can we make the "Server Temp Key" 2048 bits?
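
The check described above can be scripted so that it can be repeated after any configuration change. The following is an added example, not part of the original Oracle document: the function name check_temp_key, the verdict strings, the exit codes and the sample output are constructed for illustration, and it also recognises the ECDH and X25519 forms of the "Server Temp Key" line, which go beyond the DH case shown here.

```shell
#!/bin/sh
# Added example: classify the ephemeral key reported by `openssl s_client`.
# Live use (command taken from this document, stdin closed so it returns):
#   openssl s_client -cipher DHE-RSA-AES256-GCM-SHA384 -tls1_2 \
#     -connect <IP ADDRESS>:<PORT> </dev/null 2>/dev/null | check_temp_key
MIN_DH_BITS=2048   # target size named in this document

# Reads s_client output on stdin and prints one verdict line.
# Exit status: 0 = acceptable, 1 = DH below MIN_DH_BITS, 2 = no temp key line
# (the negotiated cipher suite did not use an ephemeral key exchange).
check_temp_key() {
    awk -v min="$MIN_DH_BITS" '
        /^Server Temp Key:/ {
            line = $0
            sub(/^Server Temp Key:[ ]*/, "", line)
            # Forms: "DH, 1024 bits", "ECDH, P-256, 256 bits", "X25519, 253 bits"
            n = split(line, f, /,[ ]*/)
            kind = f[1]
            bits = f[n]; sub(/ bits.*/, "", bits)
            found = 1
        }
        # Certificate key size, printed as "Server public key is 2048 bit"
        /^Server public key is/ { cert = $5 }
        END {
            if (!found) { print "NO_TEMP_KEY"; exit 2 }
            if (kind == "DH" && bits + 0 < min + 0) {
                printf "WEAK DH %s bits (certificate key: %s)\n", bits, (cert ? cert : "unknown")
                exit 1
            }
            printf "OK %s %s bits\n", kind, bits
        }'
}

# Constructed sample matching the lines quoted in this document.
SAMPLE='No client certificate CA names sent
Peer signing digest: SHA512
Server Temp Key: DH, 1024 bits
Server public key is 2048 bit'

printf '%s\n' "$SAMPLE" | check_temp_key || true
```

Only finite-field DH is compared against the 2048-bit threshold; elliptic-curve temp keys are reported as-is because their bit sizes are not comparable to DH group sizes.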

Changes

 

Cause
