Oracle Weblogic Server (MOSC)

MOSC Banner

SSL Medium Strength Cipher Suites Supported (SWEET32) on Weblogic Server

in Oracle Weblogic Server (MOSC) 2 commentsAnswered

We have been informed by IT Security team regarding our Weblogic server is vulnerable by captioned issue. We have tried to modified java security configuration and openSSL configuration file to see if this alert to be gone. Unfortunately, the alert is still occurred after changes. Here is what I have done.

ssl.conf

SSLProtocol -ALL -SSLv3 -TLSv1 +TLSv1.2

SSLCipherSuite HIGH:!ECDHE-ECDSA-AES128-GCM-SHA256:!ECDHE-RSA-AES128-GCM-SHA256:!ECDHE-ECDSA-AES256-GCM-SHA384:!ECDHE-RSA-AES256-GCM-SHA384:!ECDHE-ECDSA-CHACHA20-POLY1305:!ECDHE-RSA-CHACHA20-POLY1305:!DHE-RSA-AES128-GCM-SHA256:!DHE-RSA-AES256-GCM-SHA384

Please suggest any more configuration is needed. I have also found in Google, and seen some suggestion to add value to java startup scripts. If it's true, then should I add them to each server startup parameter? Or I can add into any Java configuration that can be affected globally.

Howdy, Stranger!

Log In

To view full details, sign in to My Oracle Support Community.

Register

Don't have a My Oracle Support Community account? Click here to get started.

Category Leaderboard

Top contributors this month

Instructions for posting

×

1. Select a discussion category from the picklist.


2. Enter a title that clearly identifies the subject of your question.


3. In the body, insert detailed information, including Oracle product and version.


Please abide by the Oracle Community guidelines and refrain from posting any customer or personally identifiable information (PI/CI).


Cloud / Fusion customers - Our Cloud community has moved! Please go to Cloud Customer Connect .


New to My Oracle Support Community? Visit our Welcome Center

MOSC Help Center