How to Remove Weak Ciphers From Java Web Console Configuration (Doc ID 1307198.1)

Goal

Security auditing products, like Nessus, may detect Java Web Console allows the use of weak ciphers on port 6789. This document details how to modify your Java Web Console configuration to prevent the use of weak ciphers and accordingly resolve the potential security issue identified by the security auditing tool.

Java Web Console uses its own implementation of the Apache Tomcat Java Servlet and JavaServer Pages software. By default, this software allows clients, in this case web browsers, to connect to the application instance using all of the encryption ciphers offered by the Java Virtual Machine (JVM) on the system. This includes several weak ciphers.

To prevent this, you can either modify the JVM configuration or modify just the Java Web Console configuration. Modifying the JVM configuration may affect all applications on the system that use the same JVM instance which may not be the desired effect.  Accordingly, this document only details modifying the Java Web Console Configuration.

Solution

My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.