Need help with weak cipher revealed in vulnerability scan of WLS 10.3.2
I know someone that is running 10.3.2 WebLogic (I've told them they need to upgrade and they are, but need to get past this first) and had a vulnerability scan ran against them.
The scan said this:
---------------------------------------------------------------------
Tested: Accepted SSL Cipher Algorithm(s):
^(ADH-AES128-SHA | ADH-AES256-SHA | ADH-DES-CBS-SHA | ADH-DES-CBC3-SHA | ADH-RC4-MD5 | AECDH-AES128-SHA | AECDH-AES256-SHA | AECDH-DES-CBC3-SHA | AECDH-NULL-SHA | AECDH-RC4-SHA | DES-CBC,
Found: EXP-RC4-MD5, Context: TCP:5556;
--------------------------------------------------------------------
I know this is stating they have a weak cipher. Does anyone have a "clear solution" on how to add this in the console to disable weak ciphers, or how to add it to the config.xml?