How do disable only TLSv1.0 in Oracle Sun One 7.1 Server

My apps colleague could only find the option to disable TLS completely but no option
was found to disable just TLS 1.0   in Oracle Sun One 7.1

We used https://www.ssllabs.com/ssltest   to test our external public site.

Our F5 LB guys says their LB/LTM device which does not pose this TLS 1.0 issue
as the same LB also hosts other sites.

We issued  in the Solaris 10 server  "netstat -anv | grep 443"  & found the processes
webserverd  (no httpd) listening on Tcp443 & my apps team says this is Sun One
& there's no other web server there.

Q1:
is there a patch or a setting for Sun One to disable just TLS 1.0?  The fact
that SSL 2 & 3 are set to No, it must have been set somewhere, right?
What did we miss?  

Below is the results from the SSLLabs scan:
TLS 1.2      Yes
TLS 1.1      Yes
TLS 1.0      Yes  <== need to disable this
SSL 3       No
SSL 2       No

TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 (0x9f)   DH 1024 bits   FS   WEAK       256
TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 (0x9e)   DH 1024 bits   FS   WEAK       128
TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 (0x6b)   DH 1024 bits   FS   WEAK       256
TLS_DHE_RSA_WITH_AES_256_CBC_SHA (0x39)   DH 1024 bits   FS   WEAK       256
TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 (0x67)   DH 1024 bits   FS   WEAK       128
TLS_DHE_RSA_WITH_AES_128_CBC_SHA (0x33)   DH 1024 bits   FS   WEAK       128
TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA (0x16)   DH 1024 bits   FS   WEAK       112



Q2:
After going to TLSv1.2, will some of the above weak ciphers go away too?
sunhuxAsked:
Who is Participating?
 
arnoldConnect With a Mentor Commented:
Sun one is presumably the product, the components are?
How did you disable sslv2, sslv3
Using the same method, tlsv1 would disable 1.0 while explicitly enabling tlsv1.1 and tlsv1.2 and tlsv1.3 might achieve what you want.

Check the secure config ciphers, protocol settings, options.
0
 
David Johnson, CD, MVPConnect With a Mentor OwnerCommented:
you have to configure it.. I don't run oracle but here is the setup pages
https://docs.oracle.com/cd/B28359_01/network.111/b28530/asossl.htm#i1023429
0
 
arnoldConnect With a Mentor Commented:
Website, OpenSSL based
!tlsv1
Check within your SSL config dealing with ciphers, protocol

https://raymii.org/s/tutorials/Strong_SSL_Security_On_Apache2.html

Are you using Apache httpd/tomcat?
0
Managing Security Policy in a Changing Environment

The enterprise network environment is evolving rapidly as companies extend their physical data centers to embrace cloud computing and software-defined networking. This new reality means that the challenge of managing the security policy is much more dynamic and complex.

 
sunhuxAuthor Commented:
> Are you using Apache httpd/tomcat?
No, it's Sun One
0
 
sunhuxAuthor Commented:
The link David gave doesn't look similar to Sun One
0
 
gheistConnect With a Mentor Commented:
A1: can you show online reference on WHY you should have SSL between proxy and backend inside your premises? In addition to backend you need to disable TLS1.0 in F5 client.

A2: No. Ciphers and SSL versions are independent.
0
 
sunhuxAuthor Commented:
> How did you disable sslv2, sslv3
Excellent tip, I'm going to  "grep -i ssl *"  to see where it is.
0
 
sunhuxAuthor Commented:
https://docs.oracle.com/cd/E19412-01/819-0425-11/3_SunONE.html

Above is the closest link I can find on Sun 1
0
 
gheistCommented:
Latest Sun One application server was 6.5 and that is EOL 2009.

What server you are using for SSL really?
0
All Courses

From novice to tech pro — start learning today.