Forum Stats

  • 3,838,629 Users
  • 2,262,385 Discussions
  • 7,900,714 Comments

Discussions

Tuxedo 12cR1 SSL cipher suite selection

user1821551
user1821551 Member Posts: 13
edited Jul 3, 2015 11:09AM in Tuxedo

Hi all,

After migration from Tuxedo 10gR3 (Linux 32-bit) to Tuxedo 12cR1 (Solaris SPARC 64-bit)

during SSL negotiation SSL_RSA_WITH_RC4_128_MD5 cipher suite are selected.

Before on Tuxedo 10gR3 it has always been SSL_RSA_WITH_RC4_128_SHA.

Encryption level for WSL: "-z 128 -Z 256".

When connecting with 12cR1 client in SSL-trace log we can see the following cipher suite sequence:

ClientHello[53]

  client_version

    TLSV1

  random[32]

    55 93 DB 9A 29 97 3C 5D  EB 56 F5 3D 75 5C D6 4C

    C6 E0 43 64 53 3A CB 49  73 11 86 0D B0 89 EF 54

  session_id[0]

  cipher_suites[14]

    TLS_RSA_WITH_RC4_128_MD5

    TLS_RSA_WITH_RC4_128_SHA

    TLS_RSA_WITH_AES_128_CBC_SHA

    TLS_RSA_WITH_3DES_EDE_CBC_SHA

    TLS_DH_anon_WITH_3DES_EDE_CBC_SHA

    TLS_RSA_WITH_DES_CBC_SHA

    TLS_DH_anon_WITH_DES_CBC_SHA

...

ServerHello[38]

  server_version

    TLSV1

  random[32]

    55 93 DE E3 6D 56 01 EC  7C D1 4D AA 2B 1C E5 87

    E9 90 89 AE 82 52 4E D9  87 4E 5E D6 44 08 EE F0

  session_id[0]

  cipher_suite

    TLS_RSA_WITH_RC4_128_MD5

When connecting with 10gR3 client:

ClientHello[51]

  client_version

    TLSV1

  random[32]

    55 93 DA 03 C5 60 1D 23  B7 BF 20 BA B3 AC E1 24

    08 14 21 5A 6C D2 E6 F7  20 8F 97 D0 5D 78 21 89

  session_id[0]

  cipher_suites[12]

    TLS_RSA_WITH_RC4_128_SHA

    TLS_RSA_WITH_RC4_128_MD5

    TLS_RSA_WITH_3DES_EDE_CBC_SHA

    TLS_RSA_WITH_DES_CBC_SHA

    2

    1

...

ServerHello[38]

  server_version

    TLSV1

  random[32]

    55 93 D9 AC 76 CA 5C CF  75 8E E3 DA 34 3C E4 01

    AB 4F 6D 48 0E 7A F0 0A  6C 45 AC D4 C0 21 16 D1

  session_id[0]

  cipher_suite

    TLS_RSA_WITH_RC4_128_SHA

What changes do we must to do in configuration to get SSL_RSA_WITH_RC4_128_SHA cipher suite?

Tagged:

Answers

  • Todd Little-Oracle
    Todd Little-Oracle Member Posts: 1,617 Employee
    edited Jul 3, 2015 11:09AM

    Hi,

    Is there a reason you want SSL_RSA_WITH_RC4_128_SHA instead of SSL_RSA_WITH_RC4_128_MD5?

    At the moment there isn't a way to specify the specific cipher suite to use.  If you need control over this, please open a enhancement request in My Oracle Support as I think it is a reasonable request.

    Regards,

    Todd Little

    Oracle Tuxedo Chief Architect

This discussion has been closed.