Configuring Strong Ciphers on Linux OS

Security Vulnerabilities at IP

Environment Description:

OS – Oracle V 6.6              Weblogic Version – 12.2.1.0

Application Server IP : 192.168.0.132        Port : 8001

Soon after Nessus scan security vulnerabilities are detected as below for the above mentioned IP and port.

1. SSL RC4 Cipher Suites Supported (Bar Mitzvah)
2. SSL 64-bit Block Size Cipher Suites Supported (SWEET32)
3. SSL Medium Strength Cipher Suites Supported
4. SSL/TLS Diffie-Hellman Modulus <= 1024 Bits (Logjam)

This means that the cipher suites which are using the ciphers are weak and needs to be reconfigured with stronger ciphers.

Check the java version and validate the ciphers list.

Java version can be checked as below in terminal :

JavaVersion

Now what is required is to check , whether ciphers which we will add in application server configuration is supported by java version. The below link contains more details on ciphers suites.

http://docs.oracle.com/javase/7/docs/technotes/guides/security/SunProviders.html#SunJSSEProvider

Now to add the ciphers in Oracle WebLogic Application Server follow the below steps.

Step 1 : Go to config folder (Directory structure may be different for different environments but configuration remains the same). for example my directory structure is as below :

DirectoryWBLDirectoryWBLDirectoryWBL

Step 2 : it is very important to take backup of config.xml file as it is a very important file and holds all application server configuration.

ConfigXMLBackup

Step 3 : Edit config.xml file as below

CiphersConfigXML

Step 4 : Save the config.xml file and restart the server.

Step 5 : Rescan the IP again either with nmap or nessus and you will find the vulnerabilities are eliminated now.

Note : I have added Advanced Encryption Securities with 128 and 256 encryption, you can more strong ciphers as per the security requirement.

Cheers..!

Leave a Reply