Oracle Weblogic Server (MOSC)

Help with settings for startNodeManager.sh to disable ciphers < 128 bits.

edited Aug 8, 2013 10:26AM in Oracle Weblogic Server (MOSC) · 11 comments · Answered

Hello,
I'm having a problem disabling ciphers less than 128 bits in the nodemanager on port 5556.

I have been able to force TLS which works fine.

When a Retina scan is run, I get findings specifically flagging DES-CBC-SHA and EDH-RSA-DES-CBC-SHA, which are 56 bit, and EXP-DES-CBC-SHA, EXP-EDH-RSA-DES-CBC-SHA, and EXP-RC4-MD5, which are 40-bit ciphers, as being "accepted ssl ciphers".

I thought that setting the Java options in the startNodeManager.sh file (which we use to start the nodemanager) as follows would disable these low ciphers:

    "${JAVA_HOME}/bin/java" ${JAVA_VM} ${MEM_ARGS} ${JAVA_OPTIONS} \
        -Djava.security.policy="${WL_HOME}/server/lib/weblogic.policy" \
        -Dweblogic.nodemanager.javaHome="${JAVA_HOME}" \
        -DListenAddress="${LISTEN_ADDRESS}" \
        -DListenPort="${LISTEN_PORT}" \
        -Dweblogic.security.SSL.Ciphersuites=TLS_RSA_WITH_AES_256_CBC_SHA,TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA \
        -Dweblogic.security.SSL.protocolVersion=TLS1 \
        weblogic.NodeManager -v

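A static check of the option string shown above, as an added example that is not part of the original post: it extracts the list passed to `-Dweblogic.security.SSL.Ciphersuites`, reports every suite whose name implies a key under 128 bits, and maps the scanner's OpenSSL-style names the same way. The function names and the name-to-key-size rules are assumptions of this example; it inspects names only and does not test what the listener on port 5556 actually negotiates.

```shell
#!/bin/sh
# Added example (not from the original post). The name-to-key-size rules
# below are assumptions based on standard JSSE and OpenSSL suite naming.

# Print the nominal symmetric key size in bits implied by a suite name.
cipher_bits() {
    case "$1" in
        *NULL*)                                     echo 0 ;;
        *EXPORT1024*)                               echo 56 ;;
        EXP-*|*_EXPORT_*|*DES40*|*RC4_40*|*RC2_40*) echo 40 ;;
        *3DES*|*DES-CBC3*)                          echo 168 ;;
        *DES_CBC*|*DES-CBC*)                        echo 56 ;;
        *AES_256*|*AES256*)                         echo 256 ;;
        *AES_128*|*AES128*|*RC4_128*|RC4-*|*-RC4-*) echo 128 ;;
        *)                                          echo unknown ;;
    esac
}

# Print the comma-separated value of -Dweblogic.security.SSL.Ciphersuites=
# found in a java command line passed as $1.
configured_suites() {
    printf '%s\n' "$1" | tr ' ' '\n' |
        sed -n 's/^-Dweblogic\.security\.SSL\.Ciphersuites=//p'
}

# Print "suite bits" for every configured suite below the minimum ($2,
# default 128). Unrecognised names are reported too so they get reviewed.
weak_suites() {
    min="${2:-128}"
    configured_suites "$1" | tr ',' '\n' | while read -r suite; do
        [ -n "$suite" ] || continue
        bits=$(cipher_bits "$suite")
        if [ "$bits" = unknown ] || [ "$bits" -lt "$min" ]; then
            echo "$suite $bits"
        fi
    done
}

# Constructed sample: the SSL options from the post on a shortened command line.
SAMPLE_CMD='java -DListenPort=5556 -Dweblogic.security.SSL.Ciphersuites=TLS_RSA_WITH_AES_256_CBC_SHA,TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA -Dweblogic.security.SSL.protocolVersion=TLS1 weblogic.NodeManager -v'

echo "Configured suites below 128 bits:"
weak_suites "$SAMPLE_CMD"

echo "Key sizes of the suites named in the scan findings:"
for s in DES-CBC-SHA EDH-RSA-DES-CBC-SHA EXP-DES-CBC-SHA EXP-EDH-RSA-DES-CBC-SHA EXP-RC4-MD5; do
    echo "$s $(cipher_bits "$s")"
done
```
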