This discussion is archived
1 Reply Latest reply: Oct 31, 2013 9:26 AM by garywicke RSS

How do I specify a strong (256-bit) cipher but not a CBC?

garywicke Newbie
Currently Being Moderated

Environment:


Oracle 11.2.0.3 EE on Solaris


I apologize in advance, I'm not a security person but I have a need to use a strong, 256-bit, cipher in my EM configuration file (emd.properties) but it can't be one of the CBC ciphers in the supported list.


According to the list in the EMD.PROPERTIES file the supported ciphers are:

# If not specified, the default list is:

# SSL_RSA_WITH_RC4_128_MD5

# SSL_RSA_WITH_RC4_128_SHA

# SSL_RSA_WITH_3DES_EDE_CBC_SHA

# SSL_RSA_WITH_DES_CBC_SHA

# SSL_RSA_EXPORT_WITH_RC4_40_MD5

# SSL_RSA_EXPORT_WITH_DES40_CBC_SHA

#

# the supported list is:

# SSL_RSA_WITH_3DES_EDE_CBC_SHA

# SSL_RSA_WITH_RC4_128_SHA

# SSL_RSA_WITH_RC4_128_MD5

# SSL_RSA_WITH_DES_CBC_SHA

# SSL_RSA_EXPORT_WITH_RC4_40_MD5

# SSL_RSA_EXPORT_WITH_DES40_CBC_SHA

# SSL_RSA_WITH_AES_128_CBC_SHA

# SSL_RSA_WITH_AES_256_CBC_SHA

# SSL_DH_anon_WITH_3DES_EDE_CBC_SHA

# SSL_DH_anon_WITH_RC4_128_MD5

# SSL_DH_anon_WITH_DES_CBC_SHA

 


I can see only one (1) 256-bit cipher in the list but unfortunately it is also a CBC cipher which I've been told is unacceptable.


I'm not familiar with the strength of the other ciphers.


Are any of them considered 'strong' without being a CBC?


Is there a way to import other 256-bit non-CBC ciphers?


Thanks very much for your help!!


-gary

Legend

  • Correct Answers - 10 points
  • Helpful Answers - 5 points