My apps colleague could only find the option to disable TLS completely, but no option
was found to disable just TLS 1.0 in Oracle Sun One 7.1.
We used https://www.ssllabs.com/ssltest
to test our external public site.
Our F5 LB guys say their LB/LTM device does not pose this TLS 1.0 issue,
as the same LB also hosts other sites.
We issued "netstat -anv | grep 443" on the Solaris 10 server & found the process
webserverd (no httpd) listening on TCP 443, & my apps team says this is Sun One
& there's no other web server there.
Is there a patch or a setting for Sun One to disable just TLS 1.0? The fact
that SSL 2 & 3 are set to No, it must have been set somewhere, right?
What did we miss?
Below are the results from the SSLLabs scan:
TLS 1.2 Yes
TLS 1.1 Yes
TLS 1.0 Yes <== need to disable this
SSL 3 No
SSL 2 No
CM_SHA384 (0x9f) DH 1024 bits FS WEAK 256
CM_SHA256 (0x9e) DH 1024 bits FS WEAK 128
BC_SHA256 (0x6b) DH 1024 bits FS WEAK 256
BC_SHA (0x39) DH 1024 bits FS WEAK 256
BC_SHA256 (0x67) DH 1024 bits FS WEAK 128
BC_SHA (0x33) DH 1024 bits FS WEAK 128
CBC_SHA (0x16) DH 1024 bits FS WEAK 112
After going to TLSv1.2, will some of the above weak ciphers go away too?