2 Replies Latest reply on Jan 31, 2020 1:55 PM by hal9000akilroy

    https tls ERR_SSL_VERSION_OR_CIPHER_MISMATCH

    hal9000akilroy

      Hi

      Enabling TLS in Oracle E-Business Suite Release 12.2 (Doc ID 1367293.1)

       

      Doing the TLS setup, I'm at 5.2 step 11.

      After restarting, if I try to log in to EBS,

      Chrome displays the message ERR_SSL_VERSION_OR_CIPHER_MISMATCH.

      It looks like something is wrong in 5.2 step 9 in the ssl.conf file, but I don't understand what.

      Any idea?

      Thanks

       

      # +======================================================================+

      # |    Copyright (c) 2005, 2016 Oracle and/or its affiliates.           |

      # |                         All rights reserved.                         |

      # |                           Version 12.0.0                             |

      # +======================================================================+

      #

      # $Header: ssl_conf_FMW.tmp 120.5.12020000.3 2016/11/22 07:44:30 kmandal ship $

      #

      # This template is used to seed the initial ssl.conf. After that, AutoConfig does not manage ssl.conf changes.

      # It is advisable to perform OHS configuration changes through EM console.

      # The default EM console URL is  http://quea01303.unix.quebec.local:7003/em

      #

      ###################################################################

      # Oracle HTTP Server mod_ossl configuration file: ssl.conf        #

      ###################################################################

       

       

      # OHS Listen Port

      Listen 4483

       

       

      <IfModule ossl_module>

              ##

              ##  SSL Global Context

              ##

              ##  All SSL configuration in this context applies both to

              ##  the main server and all SSL-enabled virtual hosts.

              ##

       

       

              #

              #   Some MIME-types for downloading Certificates and CRLs

              AddType application/x-x509-ca-cert .crt

              AddType application/x-pkcs7-crl    .crl

       

       

              #   Pass Phrase Dialog:

              #   Configure the pass phrase gathering process.

              #   The filtering dialog program (`builtin' is a internal

              #   terminal dialog) has to provide the pass phrase on stdout.

              SSLPassPhraseDialog  builtin

       

       

              #   Inter-Process Session Cache:

              #   Configure the SSL Session Cache: First the mechanism

              #   to use and second the expiring timeout (in seconds).

              SSLSessionCache "shmcb:${ORACLE_INSTANCE}/diagnostics/logs/${COMPONENT_TYPE}/${COMPONENT_NAME}/ssl_scache(512000)"

              SSLSessionCacheTimeout  300

       

       

              #   Semaphore:

              #   Configure the path to the mutual exclusion semaphore the

              #   SSL engine uses internally for inter-process synchronization.

              <IfModule mpm_winnt_module>

                      SSLMutex "none"

              </IfModule>

              <IfModule !mpm_winnt_module>

                      SSLMutex pthread

              </IfModule>

       

       

       

       

              ##

              ## SSL Virtual Host Context

              ##

              <VirtualHost _default_:4483>

       

       

                      # This directive toggles the usage of the SSL/TLS Protocol Engine for proxy. This is usually used inside a <VirtualHost> section to enable SSL/TLS for proxy usage in a particular virtual host.

                      # By default the SSL/TLS Protocol Engine is disabled for proxy both for the main server and all configured virtual hosts. Note that the SSLProxyEngine directive should not, in general,

                      # be included in a virtual host that will be acting as a forward proxy (using <Proxy> or ProxyRequests directives). SSLProxyEngine is not required to enable a forward proxy server to proxy SSL/TLS requests.

                      SSLProxyEngine ON

                      #Specifies the location of the wallet containing the certificates to use when opening proxy connections. Syntax         SSLProxyWallet wrl

                      SSLProxyWallet "${ORACLE_INSTANCE}/config/${COMPONENT_TYPE}/${COMPONENT_NAME}/keystores/default"

       

       

                      <IfModule ossl_module>

                              #  General setup for the virtual host

                              DocumentRoot "/applsivint/fs2/inst/apps/SIVINT_qued01320/portal"

                              ServerName qued01320.unix.quebec.local

                              ServerAdmin applmgr@unix.quebec.local

       

       

                              LogLevel warn

                              ErrorLog "|${ORACLE_HOME}/ohs/bin/rotatelogs ${ORACLE_INSTANCE}/diagnostics/logs/${COMPONENT_TYPE}/${COMPONENT_NAME}/error_log 86400"

                              TransferLog "|${ORACLE_HOME}/ohs/bin/rotatelogs ${ORACLE_INSTANCE}/diagnostics/logs/${COMPONENT_TYPE}/${COMPONENT_NAME}/access_log 86400"

       

       

       

       

                              #  SSL Engine Switch:

                              #  Enable/Disable SSL for this virtual host.

                              SSLEngine on

       

       

                              #  Client Authentication (Type):

                              #  Client certificate verification type and depth.  Types are

                              #  none, optional and require.

                              SSLVerifyClient none

       

       

                              #  SSL Cipher Suite:

                              #  List the ciphers that the client is permitted to negotiate.

                              #SSLCipherSuite SSL_RSA_WITH_RC4_128_MD5,SSL_RSA_WITH_RC4_128_SHA,SSL_RSA_WITH_3DES_EDE_CBC_SHA,SSL_RSA_WITH_DES_CBC_SHA,TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA

                              # Commenting off the default CipherSuite and added strong Cipher Suite as part of bug 9284427

                              SSLProtocol TLSv1 TLSv1.1 TLSv1.2

                              SSLCipherSuite HIGH:MEDIUM:!aNULL:!RC4:!3DES:!SEED:!IDEA:!CAMELLIA:+HIGH:+MEDIUM

       

       

                              # SSL Certificate Revocation List Check

                              # Valid values are On and Off

                              SSLCRLCheck Off

       

       

                              #Path to the wallet

                              SSLWallet  "${ORACLE_INSTANCE}/config/${COMPONENT_TYPE}/${COMPONENT_NAME}/keystores/default"

                              #SSLWallet file:/applsivprod/fs_ne/inst/SIVPROD_quea01303/certs/Apache

       

       

                              <FilesMatch "\.(cgi|shtml|phtml|php)$">

                                      SSLOptions +StdEnvVars

                              </FilesMatch>

       

       

                              <Directory "${ORACLE_INSTANCE}/config/${COMPONENT_TYPE}/${COMPONENT_NAME}/cgi-bin">

                                      SSLOptions +StdEnvVars

                              </Directory>

       

       

                              BrowserMatch ".*MSIE.*" \

                              nokeepalive ssl-unclean-shutdown \

                              downgrade-1.0 force-response-1.0

       

       

       

       

                              #   Per-Server Logging:

                              #   The home of a custom SSL log file. Use this when you want a

                              #   compact non-error SSL logfile on a virtual host basis.

                              CustomLog "|${ORACLE_HOME}/ohs/bin/rotatelogs ${ORACLE_INSTANCE}/diagnostics/logs/${COMPONENT_TYPE}/${COMPONENT_NAME}/ssl_request_log 86400" \

                              "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"

       

       

                              #

                              # Turn on the rewrite engine

                              #

                              RewriteEngine ON

                              RewriteLog ${ORACLE_INSTANCE}/diagnostics/logs/${COMPONENT_TYPE}/${COMPONENT_NAME}/mod_rewrite.log

                              RewriteLogLevel 0

                              include ${ORACLE_INSTANCE}/config/${COMPONENT_TYPE}/${COMPONENT_NAME}/oracle_apache_ssl.conf

       

       

                      </IfModule>

              </VirtualHost>

       

       

      </IfModule>

        • 1. Re: https tls
          SMOOTHEDATH

          Hello

           

          Could you please check the note below?

           

          ERR_SSL_VERSION_OR_CIPHER_MISMATCH Error In Chrome Browser (Doc ID 2572714.1)

           

          Thanks & Regards

          Sohin

          • 2. Re: https tls
            hal9000akilroy

            Hi

            Saw that note, tried some different configs that I saw on oracle.support.com:

             

            SSLProtocol all -SSLv2 -SSLv3

            SSLCipherSuite HIGH:MEDIUM:!aNULL:+SHA1:+MD5:+HIGH:+MEDIUM

             

             

             

            SSLProtocol TLSv1 TLSv1.1 TLSv1.2

            SSLCipherSuite HIGH:MEDIUM:!aNULL:!RC4:+HIGH:+MEDIUM

             

             

            SSLProtocol all

            SSLCipherSuite TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,TLS_RSA_WITH_AES_256_GCM_SHA384,TLS_RSA_WITH_AES_256_CBC_SHA256,SSL_RSA_WITH_AES_256_CBC_SHA

             

            But still the same problem: Chrome displays the message ERR_SSL_VERSION_OR_CIPHER_MISMATCH.

            Firefox displays the message Error code: SSL_ERROR_NO_CYPHER_OVERLAP

            Is there a doc that explains those 2 parameters? I can't find it.

            Thanks
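
Both browser errors in this thread mean the client and server found no protocol version or cipher suite in common. The following is an added example, not part of the thread or of the Oracle notes it cites: a Python probe that attempts one handshake per TLS version and reports what the server negotiates, so the effect of an SSLProtocol / SSLCipherSuite change can be checked after each restart. The host and port are the ServerName and Listen values from the posted ssl.conf; the function names and the cipher string `ALL:@SECLEVEL=0` are assumptions of this example.

```python
import socket
import ssl
import warnings

VERSIONS = {
    "TLSv1": ssl.TLSVersion.TLSv1,
    "TLSv1.1": ssl.TLSVersion.TLSv1_1,
    "TLSv1.2": ssl.TLSVersion.TLSv1_2,
    "TLSv1.3": ssl.TLSVersion.TLSv1_3,
}


def probe(host, port, version, ciphers="ALL:@SECLEVEL=0", timeout=5.0):
    """One handshake pinned to a single version. Returns (status, detail);
    status: ok | unreachable | client_unsupported | handshake_failed."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    # Diagnostic probe: only the negotiation is inspected, not certificate trust.
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    try:
        with warnings.catch_warnings():
            warnings.simplefilter("ignore", DeprecationWarning)
            ctx.minimum_version = ctx.maximum_version = VERSIONS[version]
        # Assumed cipher string: offer everything the local OpenSSL has (TLS <= 1.2).
        ctx.set_ciphers(ciphers)
    except (ssl.SSLError, ValueError) as exc:
        return "client_unsupported", str(exc)
    try:
        raw = socket.create_connection((host, port), timeout=timeout)
    except OSError as exc:
        return "unreachable", str(exc)
    try:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            name, _, bits = tls.cipher()
            return "ok", f"{tls.version()} {name} ({bits} bits)"
    except (ssl.SSLError, OSError) as exc:
        # A version or cipher mismatch ends the handshake here.
        raw.close()
        return "handshake_failed", getattr(exc, "reason", None) or str(exc)


def scan(host, port, **kwargs):
    """Probe every version in VERSIONS; returns {version: (status, detail)}."""
    return {v: probe(host, port, v, **kwargs) for v in VERSIONS}


if __name__ == "__main__":
    for ver, (status, detail) in scan("qued01320.unix.quebec.local", 4483).items():
        print(f"{ver:8} {status:18} {detail}")
```

If some versions report `ok` and others `handshake_failed`, the result shows which versions the server accepts. If every version fails, the cipher list and the certificate the server presents from its wallet are the next things to check.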