My company has just upgraded from Oracle 9i to 11g and we are running security scans to lock down any vulnerabilities before it goes into production. We are using Tenable's Nessus scan, which found a medium security risk "SSL Weak Cipher Suites Supported" on port 5501. This is the port that one of our Enterprise Manager sites runs on. I am trying to address that issue and coming across some difficulty.
I have googled the issue and attempted the following things so far:
1.) Editing the EMAGENT_HOME\sysman\config\emd.properties file and setting the following setting, then restarting the EM Service
# This parameter sets the allowed cipher suites, seperated by ':'
# If not specified, the default list is:
SSLCipherSuites=SSL_RSA_WITH_3DES_EDE_CBC_SHA
2.) Editing the Registry per this website and rebooting the server
http://blog.zenone.org/2009/03/pci-compliance-disable-sslv2-and-weak.html
3.) Using OpenSSL to generate a new certificate and point the EMAGENT_HOME\sysman\config\emd.properties emdRootCertLoc property at the new file. Then rebooting the EM service.
After that, we rescan but the issue isn't fixed. Any ideas? I am running Oracle 11g on Windows 2003 Server (EE). I tried browsing this site and the official Oracle documentation, but had a hard time finding up-to-date documentation for Oracle 11g's Enterprise Manager tools and configuration files. (only found 10g)
Thanks
Edited by: user8894663 on Dec 16, 2009 1:59 PM
Edited by: user8894663 on Dec 16, 2009 2:38 PM
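An added example, not part of the original post and not Oracle's code: a small audit of the `SSLCipherSuites` line in an emd.properties file, reporting whether the setting is active (not commented out) and whether any listed suite is weak. The weak-name markers, the last-assignment-wins rule and the sample file content are assumptions made for this example.

```python
import re
import sys

# Name fragments treated as weak here (assumption for this example, not the
# scanner's exact rule): no encryption, anonymous key exchange, export-grade
# keys, single DES, RC2, 40-bit RC4.
WEAK_MARKERS = ("_NULL_", "_anon_", "_EXPORT", "_DES_CBC_", "_DES40_",
                "_RC2_", "_RC4_40_")

# Constructed sample content; the export suite is there to show a weak entry.
SAMPLE = """\
# allowed cipher suites, separated by ':'
#SSLCipherSuites=SSL_RSA_WITH_RC4_128_MD5
SSLCipherSuites=SSL_RSA_WITH_3DES_EDE_CBC_SHA:SSL_RSA_EXPORT_WITH_RC4_40_MD5
"""

def read_cipher_suites(text):
    """Return suites from the last active SSLCipherSuites line, or None."""
    suites = None
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue  # a commented-out setting has no effect
        m = re.match(r"SSLCipherSuites\s*=\s*(.*)$", line)
        if m:
            # Assumption: a later assignment overrides an earlier one.
            suites = [s.strip() for s in m.group(1).split(":") if s.strip()]
    return suites

def weak_suites(suites):
    """Return the suites whose names contain a weak marker."""
    return [s for s in suites if any(mark in s for mark in WEAK_MARKERS)]

def audit(text):
    """Summarise the setting: 'unset', 'weak' or 'ok', plus the suite lists."""
    suites = read_cipher_suites(text)
    if not suites:
        # Missing or empty: whatever default list the product uses applies.
        return {"status": "unset", "suites": [], "weak": []}
    weak = weak_suites(suites)
    return {"status": "weak" if weak else "ok", "suites": suites, "weak": weak}

if __name__ == "__main__":
    # Pass the path to emd.properties, or run without arguments for the sample.
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE
    print(audit(text))
```

This checks only what the file requests; the rescan remains the confirmation of what the port actually offers.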