Help with settings for startNodeManager.sh to diable ciphers < 128 bits.
Hello,
I'm having a problem disabling ciphers less than 128 bits in the nodemanager on port 5556.
I have been able to force TLS which works fine.
When a retina scan is run, I get findings specifically flaging
DES-CBC-SHA and EDH-RSA-DES-CBC-SHA which are 56 bit and
EXP-DES-CBC-SHA, EXP-EDH-RSA-DES-CBC-SHA,and EXP-RC4-MD5 which are 40 bit ciphers
as being "accepted ssl ciphers".
I thought by setting the java options to the startNodeManager.sh (which we use to start the nodemanager) file as follows would disble these low ciphers:
"${JAVA_HOME}/bin/java" ${JAVA_VM} ${MEM_ARGS} ${JAVA_OPTIONS} -Djava.security.policy="${WL_HOME}/server/lib/weblogic.policy" -Dweblogic.nodemanager.javaHome="${JAVA_HOME}" -DListenAddress="${LISTEN_ADDRESS}" -DListenPort="${LISTEN_PORT}" -Dweblogic.security.SSL.Ciphersuites=TLS_RSA_WITH_AES_256_CBC_SHA,TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA -Dweblogic.security.SSL.protocolVersion=TLS1 weblogic.NodeManager -v
I'm having a problem disabling ciphers less than 128 bits in the nodemanager on port 5556.
I have been able to force TLS which works fine.
When a retina scan is run, I get findings specifically flaging
DES-CBC-SHA and EDH-RSA-DES-CBC-SHA which are 56 bit and
EXP-DES-CBC-SHA, EXP-EDH-RSA-DES-CBC-SHA,and EXP-RC4-MD5 which are 40 bit ciphers
as being "accepted ssl ciphers".
I thought by setting the java options to the startNodeManager.sh (which we use to start the nodemanager) file as follows would disble these low ciphers:
"${JAVA_HOME}/bin/java" ${JAVA_VM} ${MEM_ARGS} ${JAVA_OPTIONS} -Djava.security.policy="${WL_HOME}/server/lib/weblogic.policy" -Dweblogic.nodemanager.javaHome="${JAVA_HOME}" -DListenAddress="${LISTEN_ADDRESS}" -DListenPort="${LISTEN_PORT}" -Dweblogic.security.SSL.Ciphersuites=TLS_RSA_WITH_AES_256_CBC_SHA,TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA -Dweblogic.security.SSL.protocolVersion=TLS1 weblogic.NodeManager -v
0