To restrict the key size to 128 bits, select only those cipher suites in the configuration that use a 128-bit key.
Sample config:
<ssl>
  <enabled>true</enabled>
  <ciphersuite>TLS_RSA_WITH_RC4_128_SHA</ciphersuite>
  <ciphersuite>TLS_RSA_WITH_RC4_128_MD5</ciphersuite>
  <hostname-verification-ignored>true</hostname-verification-ignored>
  <listen-port>7002</listen-port>
  <server-private-key-alias>xxxxxxx</server-private-key-alias>
  <server-private-key-pass-phrase-encrypted>xxxxxx</server-private-key-pass-phrase-encrypted>
</ssl>
The cipher suites supported by WebLogic Server are:
Cipher Suite                           Symmetric Key Strength (bits)
TLS_RSA_WITH_RC4_128_SHA               128
TLS_RSA_WITH_RC4_128_MD5               128
TLS_RSA_WITH_DES_CBC_SHA               56
TLS_RSA_EXPORT_WITH_RC4_40_MD5         40
TLS_RSA_EXPORT_WITH_DES40_CBC_SHA      40
TLS_RSA_WITH_3DES_EDE_CBC_SHA          112
TLS_RSA_WITH_NULL_SHA                  0
TLS_RSA_WITH_NULL_MD5                  0
TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA    56
TLS_RSA_EXPORT1024_WITH_RC4_56_SHA     56
TLS_RSA_WITH_AES_128_CBC_SHA           128
TLS_RSA_WITH_AES_256_CBC_SHA           256
In the past I have seen that AES_256 does not work until we download the unlimited jurisdiction jars from SUN.
Download JCE_policy_1.5_0.zip
Place it in /JRE/lib/Security/
Also replace local_policy.jar and US_export_policy.jar.
This helps in getting rid of "Cipher Suite not initialized" errors.
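An added example (not from the original post or from Oracle): a small Python audit that reads every <ssl> block in a config file, compares each listed <ciphersuite> with the key strengths in the table above, and marks the AES_256 suite that depends on the unlimited policy jars. The function names, the min_bits threshold and the sample fragment are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

# Symmetric key strength in bits, copied from the table on this page.
KEY_BITS = {
    "TLS_RSA_WITH_RC4_128_SHA": 128,
    "TLS_RSA_WITH_RC4_128_MD5": 128,
    "TLS_RSA_WITH_DES_CBC_SHA": 56,
    "TLS_RSA_EXPORT_WITH_RC4_40_MD5": 40,
    "TLS_RSA_EXPORT_WITH_DES40_CBC_SHA": 40,
    "TLS_RSA_WITH_3DES_EDE_CBC_SHA": 112,
    "TLS_RSA_WITH_NULL_SHA": 0,
    "TLS_RSA_WITH_NULL_MD5": 0,
    "TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA": 56,
    "TLS_RSA_EXPORT1024_WITH_RC4_56_SHA": 56,
    "TLS_RSA_WITH_AES_128_CBC_SHA": 128,
    "TLS_RSA_WITH_AES_256_CBC_SHA": 256,
}

def local(tag):
    return tag.rsplit("}", 1)[-1]  # '{uri}ssl' -> 'ssl' (namespaced config files)

def audit_ssl_blocks(xml_text, min_bits=128):
    """Return one finding dict per <ssl> element in the given config text."""
    findings = []
    root = ET.fromstring(xml_text)
    for elem in (e for e in root.iter() if local(e.tag) == "ssl"):
        suites = [(c.text or "").strip() for c in elem if local(c.tag) == "ciphersuite"]
        findings.append({
            "listed": suites,
            "weak": [s for s in suites if KEY_BITS.get(s, min_bits) < min_bits],
            "unknown": [s for s in suites if s not in KEY_BITS],
            # AES_256 is the suite the page says needs the unlimited policy jars.
            "needs_unlimited_jce": [s for s in suites if KEY_BITS.get(s) == 256],
            "no_explicit_list": not suites,  # no <ciphersuite> entries were pinned
        })
    return findings

# Constructed sample: namespace and TLS_FOO_WITH_BAR are made up for the example.
SAMPLE = """<domain xmlns="http://example.invalid/domain"><server><ssl>
  <enabled>true</enabled>
  <ciphersuite>TLS_RSA_WITH_RC4_128_SHA</ciphersuite>
  <ciphersuite>TLS_RSA_EXPORT_WITH_RC4_40_MD5</ciphersuite>
  <ciphersuite>TLS_RSA_WITH_AES_256_CBC_SHA</ciphersuite>
  <ciphersuite>TLS_FOO_WITH_BAR</ciphersuite>
</ssl></server></domain>"""

if __name__ == "__main__":
    for finding in audit_ssl_blocks(SAMPLE):
        print(finding)
```

Suites missing from the table are reported under "unknown" rather than guessed at, so the table can be extended without changing the logic.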
Reference:
1) http://download.oracle.com/docs/cd/E11035_01/wls100/secintro/concepts.html#wp1123076
Hello Faisal, I am trying to modify the cipher suite used by nodemanager's SSL protocol. How do I get the Nodemanager to use the cipher settings you specified? Regards, Akshay
Hi Akshay, You might find this discussion useful: http://forums.oracle.com/forums/message.jspa?messageID=4098485#4098485
Hello Faisal, Thanks a lot… :) It worked !!! Regards, Akshay