Oracle Business Intelligence

Prioritise Stronger Encryption Connection Over Weaker Encryption Connection

Organization Name (Required - If you are an Oracle Partner, please provide the organization you are logging the idea on behalf of):

Standard Life

Description (Required):

Oracle HCM BI SFTP client is connecting to the on-premises server with an insecure encryption standard.

The standard is a key exchange algorithm called diffie-hellman-group14-sha1. There are known vulnerabilities with SHA1, so our internal security standards classify it as “Not Approved”, which is in line with the industry as a whole.

Instead, Oracle SFTP needs to support one of these algorithms, which all use SHA2+ and not SHA1:

diffie-hellman-group18-sha512

diffie-hellman-group17-sha512

diffie-hellman-group16-sha512

diffie-hellman-group14-sha256

diffie-hellman-group-exchange-sha256

ecdh-sha2-nistp384

ecdh-sha2-nistp521

rsa2048-sha256

Use Case and Business Need (Required):

Oracle HCM BI SFTP server configuration should have prioritisation of encryption algorithms in the following order:

diffie-hellman-group-exchange-sha256

diffie-hellman-group14-sha1

diffie-hellman-group1-sha1

diffie-hellman-group-exchange-sha1


Currently, the prioritisation seems to be in the following order:

diffie-hellman-group14-sha1

diffie-hellman-group-exchange-sha256

diffie-hellman-group-exchange-sha1

diffie-hellman-group1-sha1

Enhancement Request / Service Request:

SR 3-28524533651

1 votes
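
An added illustration, not part of the original submission and not Oracle's code, of why the ordering matters: under RFC 4253 section 7.1 the key exchange method selected is the first entry in the client's list that the server also supports. It assumes the two orderings in the request are the Oracle-side client's preference lists (the description says the Oracle SFTP client initiates the connection), uses a constructed on-premises server list, and ignores the RFC's additional host-key compatibility conditions.

```python
# Added illustration. The two client orderings are copied from the request;
# the server list is constructed for the example.
CURRENT_CLIENT_ORDER = [
    "diffie-hellman-group14-sha1",
    "diffie-hellman-group-exchange-sha256",
    "diffie-hellman-group-exchange-sha1",
    "diffie-hellman-group1-sha1",
]
REQUESTED_CLIENT_ORDER = [
    "diffie-hellman-group-exchange-sha256",
    "diffie-hellman-group14-sha1",
    "diffie-hellman-group1-sha1",
    "diffie-hellman-group-exchange-sha1",
]
# Constructed: an on-premises server that still accepts one SHA-1 method.
PERMISSIVE_SERVER = [
    "diffie-hellman-group-exchange-sha256",
    "diffie-hellman-group14-sha256",
    "diffie-hellman-group14-sha1",
]


def negotiate_kex(client, server):
    """Return the first method in the client's list that the server also lists."""
    offered = set(server)
    for name in client:
        if name in offered:
            return name
    return None  # no common method: the connection fails


def uses_sha1(name):
    return name is not None and name.endswith("-sha1")


def without_sha1(algorithms):
    """Server-side hardening: stop offering SHA-1 based methods."""
    return [a for a in algorithms if not uses_sha1(a)]


if __name__ == "__main__":
    cases = [
        ("current order, permissive server", CURRENT_CLIENT_ORDER, PERMISSIVE_SERVER),
        ("requested order, permissive server", REQUESTED_CLIENT_ORDER, PERMISSIVE_SERVER),
        ("current order, SHA-1 removed on server", CURRENT_CLIENT_ORDER, without_sha1(PERMISSIVE_SERVER)),
    ]
    for label, client, server in cases:
        chosen = negotiate_kex(client, server)
        print(f"{label}: {chosen} (SHA-1: {uses_sha1(chosen)})")
```

The third case shows that removing SHA-1 methods from the server's own list yields a SHA-2 exchange even while the client's ordering is unchanged.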