CVE-2016-2183 vulnerability detected in Oracle EM 11g (Windows), how to correct

2820328 Dec 21 2016 — edited Dec 21 2016

BLUF: What is the proper way to harden a Windows installation of an Oracle 11g standalone Enterprise Manager against SWEET32 without breaking backups and other functions?

Our security group is reporting that a server running 11.2.0.4 is vulnerable to SWEET32 because 3DES is allowed. I thought I'd managed to resolve the problem by editing emd.properties and setting the SSLCipherSuites, as well as having the server admin correct the registry to disallow 3DES. The problem is, that broke backups with a bunch of errors like this one:

oracle.sysman.emSDK.emd.comm.CommException: javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated

I thought I figured it out, but made it worse.

Post Details
Locked on Jan 18 2017
Added on Dec 21 2016