Skip to Main Content

Security Software

Announcement

For appeals, questions and feedback about Oracle Forums, please email oracle-forums-moderators_us@oracle.com. Technical questions should be asked in the appropriate category. Thank you!

Interested in getting your voice heard by members of the Developer Marketing team at Oracle? Check out this post for AppDev or this post for AI focus group information.

Encryption Vulnerability Security SCAN DS

807573Mar 12 2008 — edited Mar 12 2008
I created DS instances. While running security scan for Encryption Vulnerability I found out that following ports are supporting weak SSL.

port 636/tcp over SSL
port 11163/tcp over SSL
port 32772/tcp over SSL
port 3999/tcp over SSL
port 1636/tcp over SSL
How to Disable ciphers which support cleartext communication. Or what is fix for this.

Thanks
Pramod

Comments

807573
You can disable SSL2 changing the nsSSL2 to off at cn=encryption,cn=config or you can remove the Ciphers that you don't want to support removing them from nsSSL2Ciphers and nsSSL3Ciphers attributes.

Fede
807573
Thanks Fede.

I looked my dse.ldif file.

It lloks like this ....


dn: cn=encryption,cn=config
objectClass: top
objectClass: nsEncryptionConfig
cn: encryption
nsSSLSessionTimeout: 0
nsSSLClientAuth: allowed
nsSSLServerAuth: cert
nsSSL2: off
nsSSL3: on
nsSSL3Ciphers: all
nsKeyfile: alias/slapd-key3.db
nsCertfile: alias/slapd-cert8.db
numSubordinates: 1


nsSSL2 is already off.

Thanks
Pramod
1 - 2
Locked Post
New comments cannot be posted to this locked post.

Post Details