Solved

How to disable only TLSv1.0 in Oracle Sun One 7.1 Server

Posted on 2016-11-02
Last Modified: 2016-11-20
My apps colleague could only find the option to disable TLS completely, but no option was found to disable just TLS 1.0 in Oracle Sun One 7.1.

We used https://www.ssllabs.com/ssltest to test our external public site.

Our F5 LB guys say their LB/LTM device does not pose this TLS 1.0 issue, as the same LB also hosts other sites.

We issued "netstat -anv | grep 443" in the Solaris 10 server & found the process webserverd (no httpd) listening on TCP 443 & my apps team says this is Sun One & there's no other web server there.

Q1:
Is there a patch or a setting for Sun One to disable just TLS 1.0? Given that SSL 2 & 3 are set to No, it must have been set somewhere, right?
What did we miss?

Below are the results from the SSLLabs scan:
TLS 1.2      Yes
TLS 1.1      Yes
TLS 1.0      Yes  <== need to disable this
SSL 3       No
SSL 2       No

TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 (0x9f)   DH 1024 bits   FS   WEAK       256
TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 (0x9e)   DH 1024 bits   FS   WEAK       128
TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 (0x6b)   DH 1024 bits   FS   WEAK       256
TLS_DHE_RSA_WITH_AES_256_CBC_SHA (0x39)   DH 1024 bits   FS   WEAK       256
TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 (0x67)   DH 1024 bits   FS   WEAK       128
TLS_DHE_RSA_WITH_AES_128_CBC_SHA (0x33)   DH 1024 bits   FS   WEAK       128
TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA (0x16)   DH 1024 bits   FS   WEAK       112



Q2:
After going to TLSv1.2, will some of the above weak ciphers go away too?
Question by:sunhux
9 Comments
 
LVL 83

Assisted Solution

by:David Johnson, CD, MVP
David Johnson, CD, MVP earned 500 total points
ID: 41871555
You have to configure it. I don't run Oracle, but here are the setup pages:
https://docs.oracle.com/cd/B28359_01/network.111/b28530/asossl.htm#i1023429
0
 
LVL 80

Assisted Solution

by:arnold
arnold earned 1000 total points
ID: 41871565
Website, OpenSSL based
!tlsv1
Check within your SSL config dealing with ciphers, protocol

https://raymii.org/s/tutorials/Strong_SSL_Security_On_Apache2.html

Are you using Apache httpd/tomcat?
0
 

Author Comment

by:sunhux
ID: 41872120
> Are you using Apache httpd/tomcat?
No, it's Sun One
0

 

Author Comment

by:sunhux
ID: 41872134
The link David gave doesn't look similar to Sun One
0
 
LVL 62

Assisted Solution

by:gheist
gheist earned 500 total points
ID: 41872192
A1: Can you show an online reference on WHY you should have SSL between the proxy and backend inside your premises? In addition to the backend, you need to disable TLS1.0 in the F5 client.

A2: No. Ciphers and SSL versions are independent.
0
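Added example, not part of any post in this thread: the cipher-suite rows from the SSL Labs output in the question, parsed to show which suites a server could still negotiate once TLS 1.0 is off and what the WEAK flag tracks. The function names and the 2048-bit floor are assumptions of this example.

```python
import re

# Cipher-suite rows copied from the SSL Labs output in the question above.
SCAN = """\
TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 (0x9f)   DH 1024 bits   FS   WEAK   256
TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 (0x9e)   DH 1024 bits   FS   WEAK   128
TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 (0x6b)   DH 1024 bits   FS   WEAK   256
TLS_DHE_RSA_WITH_AES_256_CBC_SHA (0x39)   DH 1024 bits   FS   WEAK   256
TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 (0x67)   DH 1024 bits   FS   WEAK   128
TLS_DHE_RSA_WITH_AES_128_CBC_SHA (0x33)   DH 1024 bits   FS   WEAK   128
TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA (0x16)   DH 1024 bits   FS   WEAK   112
"""

ROW = re.compile(r"(TLS_\S+) \((0x[0-9a-f]+)\)\s+DH (\d+) bits\s+FS\s+(WEAK)?")
ORDER = ["TLS 1.0", "TLS 1.1", "TLS 1.2"]

def parse(scan):
    """Turn each scan row into a dict; lines that do not match are skipped."""
    rows = []
    for line in scan.splitlines():
        m = ROW.match(line.strip())
        if m:
            rows.append({"suite": m[1], "id": m[2],
                         "dh_bits": int(m[3]), "weak": m[4] == "WEAK"})
    return rows

def min_protocol(suite):
    """Lowest TLS version able to negotiate the suite."""
    # GCM suites and suites with a SHA-256/SHA-384 MAC were introduced in TLS 1.2.
    if "_GCM_" in suite or suite.endswith(("_SHA256", "_SHA384")):
        return "TLS 1.2"
    return "TLS 1.0"

def still_offered(rows, enabled):
    """Suites that at least one enabled protocol version can still negotiate."""
    top = max(ORDER.index(p) for p in enabled)
    return [r["suite"] for r in rows
            if ORDER.index(min_protocol(r["suite"])) <= top]

def weak_because_of_dh(rows, floor=2048):
    """Suites flagged WEAK whose DH parameter is below the floor (assumed: 2048 bits)."""
    return [r["suite"] for r in rows if r["weak"] and r["dh_bits"] < floor]

if __name__ == "__main__":
    rows = parse(SCAN)
    print("offered with TLS 1.1 + 1.2 only:", len(still_offered(rows, {"TLS 1.1", "TLS 1.2"})))
    print("WEAK due to DH size:", len(weak_because_of_dh(rows)))
```

All seven rows remain negotiable with only TLS 1.1 and 1.2 enabled, and every WEAK flag lines up with the 1024-bit DH parameter, so the cipher list and DH parameter size have to be addressed in the server's cipher configuration separately from the protocol switch.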
 
LVL 80

Accepted Solution

by:
arnold earned 1000 total points
ID: 41872272
Sun One is presumably the product; the components are?
How did you disable sslv2, sslv3?
Using the same method, tlsv1 would disable 1.0 while explicitly enabling tlsv1.1 and tlsv1.2 and tlsv1.3 might achieve what you want.

Check the secure config ciphers, protocol settings, options.
0
 

Author Comment

by:sunhux
ID: 41875306
> How did you disable sslv2, sslv3
Excellent tip, I'm going to "grep -i ssl *" to see where it is.
0
 

Author Comment

by:sunhux
ID: 41876020
https://docs.oracle.com/cd/E19412-01/819-0425-11/3_SunONE.html

Above is the closest link I can find on Sun 1
0
 
LVL 62

Expert Comment

by:gheist
ID: 41876032
Latest Sun One application server was 6.5 and that is EOL 2009.

What server are you really using for SSL?
0


Question has a verified solution.
