BLUF: What is the proper way to harden a Windows installation of an Oracle 11g standalone Enterprise Manager against SWEET32 without breaking backups and other functions.
Our security group is reporting that a server running 11.2.0.4 is vulnerable to sweet32 because 3DES is allowed. I thought I'd managed to resolve the problem by editing emd.properties and setting the SSLCipherSuites as well as having the server admin correct the registry to disallow 3des. The problem is, that broke backups with a bunch of errors like this one oracle.sysman.emSDK.emd.comm.CommException: javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated
I thought I figured it out, but made it worse.