Solved

How to disable only TLSv1.0 in Oracle Sun One 7.1 Server

Posted on 2016-11-02
Last Modified: 2016-11-20
My apps colleague could only find the option to disable TLS completely, but no option
was found to disable just TLS 1.0 in Oracle Sun One 7.1.

We used https://www.ssllabs.com/ssltest to test our external public site.

Our F5 LB guys say their LB/LTM device does not pose this TLS 1.0 issue,
as the same LB also hosts other sites.

We issued "netstat -anv | grep 443" in the Solaris 10 server & found the process
webserverd (no httpd) listening on TCP 443, & my apps team says this is Sun One
& there's no other web server there.

Q1:
Is there a patch or a setting for Sun One to disable just TLS 1.0? The fact
that SSL 2 & 3 are set to No, it must have been set somewhere, right?
What did we miss?

Below are the results from the SSLLabs scan:
TLS 1.2      Yes
TLS 1.1      Yes
TLS 1.0      Yes  <== need to disable this
SSL 3       No
SSL 2       No

TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 (0x9f)   DH 1024 bits   FS   WEAK       256
TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 (0x9e)   DH 1024 bits   FS   WEAK       128
TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 (0x6b)   DH 1024 bits   FS   WEAK       256
TLS_DHE_RSA_WITH_AES_256_CBC_SHA (0x39)   DH 1024 bits   FS   WEAK       256
TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 (0x67)   DH 1024 bits   FS   WEAK       128
TLS_DHE_RSA_WITH_AES_128_CBC_SHA (0x33)   DH 1024 bits   FS   WEAK       128
TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA (0x16)   DH 1024 bits   FS   WEAK       112



Q2:
After going to TLSv1.2, will some of the above weak ciphers go away too?
Question by:sunhux
9 Comments
 
LVL 82

Assisted Solution

by:David Johnson, CD, MVP
David Johnson, CD, MVP earned 500 total points
ID: 41871555
You have to configure it. I don't run Oracle, but here are the setup pages:
https://docs.oracle.com/cd/B28359_01/network.111/b28530/asossl.htm#i1023429
0
 
LVL 79

Assisted Solution

by:arnold
arnold earned 1000 total points
ID: 41871565
Website, OpenSSL based
!tlsv1
Check within your SSL config dealing with ciphers, protocol

https://raymii.org/s/tutorials/Strong_SSL_Security_On_Apache2.html

Are you using Apache httpd/tomcat?
0
 

Author Comment

by:sunhux
ID: 41872120
> Are you using Apache httpd/tomcat?
No, it's Sun One
0
 

Author Comment

by:sunhux
ID: 41872134
The link David gave doesn't look similar to Sun One
0
 
LVL 62

Assisted Solution

by:gheist
gheist earned 500 total points
ID: 41872192
A1: Can you show an online reference on WHY you should have SSL between proxy and backend inside your premises? In addition to the backend, you need to disable TLS1.0 in the F5 client.

A2: No. Ciphers and SSL versions are independent.
0
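An added example (not part of the original thread, and not Oracle or SSL Labs tooling) that works through Q2 with the scan lines posted in the question: it maps each listed suite to the protocol versions in which it can be negotiated and shows what is left once TLS 1.0 is switched off. The function names are hypothetical; the version mapping follows RFC 5246 and RFC 5288.

```python
import re

# Scan lines copied from the SSL Labs output posted in the question.
SCAN = """\
TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 (0x9f)   DH 1024 bits   FS   WEAK       256
TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 (0x9e)   DH 1024 bits   FS   WEAK       128
TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 (0x6b)   DH 1024 bits   FS   WEAK       256
TLS_DHE_RSA_WITH_AES_256_CBC_SHA (0x39)   DH 1024 bits   FS   WEAK       256
TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 (0x67)   DH 1024 bits   FS   WEAK       128
TLS_DHE_RSA_WITH_AES_128_CBC_SHA (0x33)   DH 1024 bits   FS   WEAK       128
TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA (0x16)   DH 1024 bits   FS   WEAK       112
"""

LINE = re.compile(r"^(TLS_\S+)\s+\((0x[0-9a-f]+)\)\s+DH (\d+) bits\s+FS\s+(WEAK)?\s*(\d+)$")
ALL_VERSIONS = ("TLSv1.0", "TLSv1.1", "TLSv1.2")

def usable_versions(suite):
    """Protocol versions in which a suite can be negotiated.

    GCM suites (RFC 5288) and the SHA256/SHA384 suites (RFC 5246) exist only
    in TLS 1.2; the older CBC + SHA-1 suites are valid in TLS 1.0 through 1.2.
    """
    if suite.endswith(("_SHA256", "_SHA384")):
        return ("TLSv1.2",)
    return ALL_VERSIONS

def parse(scan=SCAN):
    """Turn the scan text into one dict per cipher suite line."""
    rows = []
    for line in scan.splitlines():
        m = LINE.match(line.strip())
        if m:
            rows.append({"suite": m.group(1), "dh_bits": int(m.group(3)),
                         "weak": m.group(4) == "WEAK", "bits": int(m.group(5))})
    return rows

def remaining(enabled, rows=None):
    """Suites still negotiable when only the `enabled` versions are switched on."""
    rows = parse() if rows is None else rows
    return [r for r in rows if set(usable_versions(r["suite"])) & set(enabled)]

if __name__ == "__main__":
    for enabled in (ALL_VERSIONS, ("TLSv1.1", "TLSv1.2"), ("TLSv1.2",)):
        left = remaining(enabled)
        weak = [r for r in left if r["weak"]]
        print(f"{'+'.join(enabled):26} suites={len(left)} weak={len(weak)} "
              f"dh_bits={sorted({r['dh_bits'] for r in weak})}")
```

All seven listed suites stay negotiable with TLS 1.0 disabled, and each is flagged WEAK alongside its 1024-bit DH parameters, so clearing the flag means changing the DH parameter size or the cipher list rather than the protocol setting.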
 
LVL 79

Accepted Solution

by:arnold
arnold earned 1000 total points
ID: 41872272
Sun One is presumably the product, the components are?
How did you disable sslv2, sslv3?
Using the same method, tlsv1 would disable 1.0 while explicitly enabling tlsv1.1 and tlsv1.2 and tlsv1.3 might achieve what you want.

Check the secure config ciphers, protocol settings, options.
0
 

Author Comment

by:sunhux
ID: 41875306
> How did you disable sslv2, sslv3
Excellent tip, I'm going to "grep -i ssl *" to see where it is.
0
 

Author Comment

by:sunhux
ID: 41876020
https://docs.oracle.com/cd/E19412-01/819-0425-11/3_SunONE.html

Above is the closest link I can find on Sun 1
0
 
LVL 62

Expert Comment

by:gheist
ID: 41876032
Latest Sun One application server was 6.5 and that is EOL 2009.

What server are you really using for SSL?
0
