![]() Should you need to enforce cipher order, take a look at the SSLHonorCipherOrder Directive. MOS Note 2212006.1 - EM 13c: Enterprise Manager 13c Cloud Control Configuration to Support Transport Layer Security Protocol:TLSv1.2 only.MOS Note 2138391.1 - EM 13c: How to Disable Weak SSLCipherSuites in Enterprise Manager 13c Cloud Control.How to do that and also more details on the above can be found at: it should fail for -tls1 and -tls1_1, but succeed with -tls1_2 if above changesįor the server site, you'll need to adjust multiple components: OMS (OHS component), WLS, OHS Admin Port. AES128) a list of session properties should be returned. RC4) you should receive a "handshake alert error" – while Openssl s_client -connect localhost:3872 -tls1_1 # should fail Openssl s_client -connect localhost:3872 -cipher RC4 # should fail Openssl s_client -connect localhost:3872 -tls1_2 # should succeed Openssl s_client -connect localhost:3872 -cipher AES # should succeed The „underscore parameter“ won't be accepted by setproperty or getproperty,īut do not seem to be required either: after applying the above to a 13.4 agent,Ĭonnections with TLS : -cipher # check TLS version $AGENT_BASE/agent_inst/bin/emctl setproperty agent -name SSLCipherSuites \ In practice it will usually suffice to $AGENT_BASE/agent_inst/bin/emctl setproperty agent -name minimumTLSVersion \ That's what the MOS notes say (see below). # set the cipher suites $AGENT_BASE/agent_inst/bin/emctl setproperty agent -name SSLCipherSuites \ # Take a backup and edit /sysman/config/emd.properties file # add the following lines and then save the file again: That done, restart the agents on all affected machines: emctl stop agent
0 Comments
Leave a Reply. |