How to Remove Weak Ciphers From Java Web Console Configuration
(Doc ID 1307198.1)
Last updated on FEBRUARY 01, 2019
Applies to:Solaris Operating System - Version 9 GA and later
Information in this document applies to any platform.
***Checked for relevance on 06-Oct-2012***
Security auditing products, like Nessus, may detect Java Web Console allows the use of weak ciphers on port 6789. This document details how to modify your Java Web Console configuration to prevent the use of weak ciphers and accordingly resolve the potential security issue identified by the security auditing tool.
Java Web Console uses its own implementation of the Apache Tomcat Java Servlet and JavaServer Pages software. By default, this software allows clients, in this case web browsers, to connect to the application instance using all of the encryption ciphers offered by the Java Virtual Machine (JVM) on the system. This includes several weak ciphers.
To prevent this, you can either modify the JVM configuration or modify just the Java Web Console configuration. Modifying the JVM configuration may affect all applications on the system that use the same JVM instance which may not be the desired effect. Accordingly, this document only details modifying the Java Web Console Configuration.
To view full details, sign in with your My Oracle Support account.
Don't have a My Oracle Support account? Click to get started!
In this Document