Oracle VM - 3.4.6.2 - OVS server :8899 - TLS1 (how to enforce TLS1.2?)

User_S1173 Member Posts: 20 Red Ribbon
edited May 9, 2020 10:36AM in Oracle VM Server for x86

Hi.

Network security scans are showing all Oracle VM servers are allowing TLS1 on port 8899.

I have seen this article -> https://docs.oracle.com/cd/E64076_01/E64078/html/vmiug-manager-tls1-enable.html

And can confirm I haven't got the 'ALLOWTLS1=YES' option on the Oracle VM manager.

i.e.

On an OVS server ->

openssl s_client -connect 127.0.0.1:8899

Shows

----

SSL handshake has read 1359 bytes and written 577 bytes

New, TLSv1/SSLv3, Cipher is AES256-GCM-SHA384

Server public key is 2048 bit

Secure Renegotiation IS supported

Compression: NONE

Expansion: NONE

----

How can I enforce TLS 1.2 on the port ovs-agent is using - 8899?

Thanks

Answers

  • Harshita Jain-Oracle Member Posts: 18 Employee
    edited May 9, 2020 10:36AM

    Hi,

    Have you tried the below?

    When all your Oracle VM Servers have been upgraded to the latest release, it is recommended that you reset the security protocol in Oracle VM Manager to the default. Disable TLSv1 and revert to the TLSv1.2 protocol as follows:

    Start an ssh session to the Oracle VM Manager instance.

    Open /etc/sysconfig/ovmm for editing and remove the following line:

    ALLOWTLS1=YES

    Save and close /etc/sysconfig/ovmm.

    Restart Oracle VM Manager for the setting to take effect.

    # /sbin/service ovmm restart

    Regards,

    Harshita
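
Added example, not part of the original thread or of Oracle's documentation: a per-version check of the listener on port 8899 using the same `openssl s_client` as the question, so a scan finding can be confirmed before and after a configuration change. The function names, the script name and the sample output are constructed for illustration, and it assumes the local openssl build still offers TLS 1.0 and 1.1 as a client.

```shell
#!/bin/sh
# Added example: check which TLS versions a listener accepts, one forced
# protocol per handshake, using the same openssl s_client as in the post.

# Constructed samples. The first "New, ..." line is from the post; the
# SSL-Session lines are constructed to match OpenSSL 1.0.x output.
SAMPLE_OK='New, TLSv1/SSLv3, Cipher is AES256-GCM-SHA384
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : AES256-GCM-SHA384'
SAMPLE_FAIL='New, (NONE), Cipher is (NONE)
SSL-Session:
    Protocol  : TLSv1
    Cipher    : 0000'

# The negotiated version is on the "Protocol  :" line of the SSL-Session
# block, not on the "New, TLSv1/SSLv3, Cipher is ..." line.
negotiated_protocol() {
    awk -F': *' '/^[ \t]*Protocol[ \t]*:/ { print $2; exit }'
}

# A failed handshake still prints an SSL-Session block, so success is judged
# by the "Cipher is" line: absent or "(NONE)" means no session was set up.
handshake_result() {
    hr_out=$1
    if printf '%s\n' "$hr_out" | grep -q 'Cipher is (NONE)' ||
       ! printf '%s\n' "$hr_out" | grep -q 'Cipher is '; then
        echo "rejected"
        return 0
    fi
    echo "accepted $(printf '%s\n' "$hr_out" | negotiated_protocol)"
}

# Probe each version. The local openssl build must itself still offer the
# version under test, otherwise "rejected" says nothing about the server.
scan_listener() {
    for sl_flag in -tls1 -tls1_1 -tls1_2; do
        sl_out=$(openssl s_client -connect "$1" "$sl_flag" </dev/null 2>&1) || true
        printf '%-8s %s\n' "$sl_flag" "$(handshake_result "$sl_out")"
    done
}

# Run only when a target is given, e.g.: sh tlscheck.sh 127.0.0.1:8899
if [ "$#" -gt 0 ]; then
    scan_listener "$1"
fi
```

A listener that enforces TLS 1.2 reports `rejected` for `-tls1` and `-tls1_1` and `accepted TLSv1.2` for `-tls1_2`.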