How to Remove Weak Ciphers From Java Web Console Configuration (Doc ID 1307198.1)

Last updated on JULY 29, 2016

Applies to:

Solaris Operating System - Version 9 GA and later
Information in this document applies to any platform.
***Checked for relevance on 06-Oct-2012***

Goal

Security auditing products, like Nessus, may detect Java Web Console allows the use of weak ciphers on port 6789. This document details how to modify your Java Web Console configuration to prevent the use of weak ciphers and accordingly resolve the potential security issue identified by the security auditing tool.

Java Web Console uses its own implementation of the Apache Tomcat Java Servlet and JavaServer Pages software. By default, this software allows clients, in this case web browsers, to connect to the application instance using all of the encryption ciphers offered by the Java Virtual Machine (JVM) on the system. This includes several weak ciphers.

To prevent this, you can either modify the JVM configuration or modify just the Java Web Console configuration. Modifying the JVM configuration may affect all applications on the system that use the same JVM instance which may not be the desired effect.  Accordingly, this document only details modifying the Java Web Console Configuration.

Solution

Sign In with your My Oracle Support account

Don't have a My Oracle Support account? Click to get started

My Oracle Support provides customers with access to over a
Million Knowledge Articles and hundreds of Community platforms