In cryptography, a cipher is an algorithm for performing encryption or decryption i.e a series of well-defined steps that can be followed as a procedure. In SSL cipher suits are responsible for encryption.

To configure SSL in Weblogic follow this post

In Weblogic Application Server by default following ciphers are supported

Cipher Suite : TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
Symmetric Key Strength (Bits): 168

Cipher Suite : TLS_DHE_RSA_WITH_DES_CBC_SHA
Symmetric Key Strength (Bits): 56

Cipher Suite : TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA
Symmetric Key Strength (Bits): 40

Cipher Suite : TLS_DH_anon_WITH_3DES_EDE_CBC_SHA
Symmetric Key Strength (Bits): 168

Cipher Suite : TLS_DH_anon_WITH_RC4_128_MD5
Symmetric Key Strength (Bits): 128

Cipher Suite: TLS_DH_anon_WITH_DES_CBC_SHA
Symmetric Key Strength (Bits): 56

Cipher Suite : TLS_DH_anon_EXPORT_WITH_RC4_40_MD5
Symmetric Key Strength (Bits): 40

Cipher Suite : TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA
Symmetric Key Strength (Bits): 40

Cipher Suite : TLS_DHE_RSA_EXPORT_WITH_DES_40_CBC_SHA
Symmetric Key Strength (Bits): 40

Cipher Suite : TLS_DH_anon_EXPORT_WITH_DES_40_CBC_SHA
Symmetric Key Strength (Bits): 40

Cipher Suite : TLS_RSA_WITH_RC4_128_SHA
Symmetric Key Strength (Bits): 128

Cipher Suite : TLS_RSA_WITH_RC4_128_MD5
Symmetric Key Strength (Bits): 128

Cipher Suite : TLS_RSA_WITH_DES_CBC_SHA
Symmetric Key Strength (Bits): 56

Cipher Suite : TLS_RSA_EXPORT_WITH_RC4_40_MD5
Symmetric Key Strength (Bits): 40

Cipher Suite : TLS_RSA_EXPORT_WITH_DES_40_CBC_SHA
Symmetric Key Strength (Bits): 40

Cipher Suite : TLS_RSA_EXPORT_WITH_DES40_CBC_SHA
Symmetric Key Strength (Bits): 40

Cipher Suite : TLS_RSA_WITH_3DES_EDE_CBC_SHA
Symmetric Key Strength (Bits): 168

Cipher Suite : TLS_RSA_WITH_NULL_SHA
Symmetric Key Strength (Bits): 0

Cipher Suite : TLS_RSA_WITH_NULL_MD5
Symmetric Key Strength (Bits): 0

Cipher Suite : TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA
Symmetric Key Strength (Bits): 56

Cipher Suite : TLS_RSA_EXPORT1024_WITH_RC4_56_SHA
Symmetric Key Strength (Bits): 56

Cipher Suite : TLS_RSA_WITH_AES_128_CBC_SHA
Symmetric Key Strength (Bits): 128

Cipher Suite : TLS_RSA_WITH_AES_256_CBC_SHA
Symmetric Key Strength (Bits): 256

In the above list there are some cipher which are vulnerable. To close this ciphers we have do following:
Step 1 Stop weblogic Admin / Managed Server

Step 2 Go to Domain Home
For eg
cd /app/Oracle/Middleware/user_projects/domains/vidyadhar/

Step 3 Now we have to modify config file.

cd /app/Oracle/Middleware/user_projects/domains/vidyadhar/config

First we will take a backup of existing config.xml file

cp config.xml config.xml.orig

Step 4 To disable weak ciphers you have to add following under ssl tag in config.xml

<ciphersuite>TLS_RSA_WITH_RC4_128_SHA</ciphersuite>
<ciphersuite>TLS_RSA_WITH_RC4_128_MD5</ciphersuite>

See the screenshot for better understanding

In my scenario I am having only single Admin Server which is running on https 7002 port. If you have managed server which is running on https port then you have to add above values in the SSL tag of managed server also.

Step 5 Now do the start the weblogic services.

You can test the cipher suites using SSLDigger

Weak Ciphers in Weblogic Application Server

One thought on “Weak Ciphers in Weblogic Application Server

  • January 5, 2017 at 9:20 pm
    Permalink

    Thanks a lot fro post. That realy help to find ciphers are supported by weblogic !

    Reply

Leave a Reply

Your email address will not be published. Required fields are marked *

Notify me of followup comments via e-mail. You can also subscribe without commenting.

Recommend on Google