Configure JCE Provider with Weblogic Server

Download any JCE Provider. These JCE providers provide additional cryptographic algorithms to secure the communication.
Bouncy castle is one such freely available JCE provider.

To configure it place the provider jar file in the java-home/jre/lib/ext/ folder and add the following line in java.security file in the jre\lib\security folder.

security.provider.n=org.bouncycastle.jce.provider.BouncyCastleProvider

Where n is the order of preference to be used by Weblogic Server when evaluating security providers.

Restart your Weblogic Server with SSL enabled.

Go through the snippet of the log files to see the additional cryptographic algorithms made available by configuring the JCE provider.

<TLS_RSA_WITH_AES_128_CBC_SHA>
<TLS_RSA_WITH_AES_256_CBC_SHA>
<TLS_RSA_WITH_3DES_EDE_CBC_SHA>
<TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA>
<TLS_RSA_WITH_DES_CBC_SHA>
<TLS_DHE_RSA_WITH_DES_CBC_SHA>
<TLS_RSA_EXPORT1024_WITH_RC4_56_SHA>
<TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA>
<TLS_RSA_EXPORT_WITH_RC4_40_MD5>
<TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA>
<TLS_RSA_EXPORT_WITH_DES40_CBC_SHA>
<TLS_RSA_WITH_NULL_MD5>
<TLS_RSA_WITH_NULL_SHA>
<TLS_DH_anon_WITH_3DES_EDE_CBC_SHA>
<TLS_DH_anon_WITH_RC4_128_MD5>
<TLS_DH_anon_WITH_DES_CBC_SHA>
<TLS_DH_anon_EXPORT_WITH_RC4_40_MD5>
<TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA>
<TLS_DHE_RSA_EXPORT_WITH_DES_40_CBC_SHA>
<TLS_RSA_EXPORT_WITH_DES_40_CBC_SHA>
<TLS_DH_anon_EXPORT_WITH_DES_40_CBC_SHA>

References

http://download.oracle.com/docs/cd/E13222_01/wls/docs81/secmanage/ssl.html#1176662
http://docs.sun.com/app/docs/doc/819-3658/ablsc?a=view

Leave a Reply