Chnage TLS Cipher suites with ./oggServiceConfig

 

1         Chnage TLS Cipher suites with ./oggServiceConfig

https://github.com/oracle/docker-images/tree/master/OracleGoldenGate/bin

 

[oracle@scrbcdhnl006918 conf]$ pwd

/u02/ogg/TICOGG/var/lib/conf

[oracle@scrbcdhnl006918 conf]$ more adminsrvr-config.dat |python -m json.tool

                    “cipherSuites”: [

                        “TLS_RSA_WITH_AES_256_CBC_SHA”,

                        “TLS_RSA_WITH_AES_128_CBC_SHA”,

                        “SSL_RSA_WITH_RC4_128_SHA”,

                        “SSL_RSA_WITH_RC4_128_MD5”,

                        “SSL_RSA_WITH_3DES_EDE_CBC_SHA”

                    ],

 

oracle@linuxvm01:/ogg/app/oracle/oggma/12.3.0.1.4/DEPLOYMENT_LOCAL/LOCAL/var/lib/conf % more adminsrvr-config.dat |python -m json.tool

                    “cipherSuites”: [

                        “TLS_RSA_WITH_AES_256_CBC_SHA”,

                        “TLS_RSA_WITH_AES_128_CBC_SHA”,

                        “SSL_RSA_WITH_RC4_128_SHA”,

                        “SSL_RSA_WITH_RC4_128_MD5”,

                        “SSL_RSA_WITH_3DES_EDE_CBC_SHA”

                    ],

 

1.1        Change TLS Cipher suites of adminsrvr

oracle@linuxvm01:/home/oracle % export http_proxy=”

oracle@linuxvm01:/home/oracle % export https_proxy=”

oracle@linuxvm01:/home/oracle % ./oggServiceConfig https://linuxvm01:18100 LOCAL adminsrvr –user oggadmin –password Oracle1! –path /securityDetails/network/inbound/cipherSuites –value ‘[ “TLS_RSA_WITH_AES_128_CBC_SHA256”, “TLS_RSA_WITH_AES_256_CBC_SHA256” ]’

 

/usr/lib/python2.7/site-packages/urllib3/connectionpool.py:769: InsecureRequestWarning: Unverified HTTPS request is being made. Adding certificate verification is strongly advised. See: https://urllib3.readthedocs.org/en/latest/security.html

  InsecureRequestWarning)

Current value of “/securityDetails/network/inbound/cipherSuites” for “LOCAL/adminsrvr” is <not defined>.

Setting new value and restarting service.

New value of “/securityDetails/network/inbound/cipherSuites” for “LOCAL/adminsrvr” is

[

    “TLS_RSA_WITH_AES_128_CBC_SHA256”,

    “TLS_RSA_WITH_AES_256_CBC_SHA256”

].

 

 

OGG (not connected) 1> connect https://linuxvm01:18100 as oggadmin password Oracle1!

Using default deployment ‘LOCAL’

 

OGG (https://linuxvm01:18100 LOCAL) 2> info all

Program     Status      Group       Lag at Chkpt  Time Since Chkpt

 

ADMINSRVR   RUNNING

DISTSRVR    RUNNING

PMSRVR      RUNNING

RECVSRVR    RUNNING

 

OGG (https://linuxvm01:18100 LOCAL) 3> stop deployment *

Deployment ‘LOCAL’ was stopped

 

OGG (https://linuxvm01:18100 LOCAL) 4> info all

Program     Status      Group       Lag at Chkpt  Time Since Chkpt

 

ADMINSRVR   STOPPED

DISTSRVR    STOPPED

PMSRVR      STOPPED

RECVSRVR    STOPPED

 

OGG (https://linuxvm01:18100 LOCAL) 5> start deployment *

Deployment ‘LOCAL’ was started

 

OGG (https://linuxvm01:18100 LOCAL) 6>

2019-04-16 15:51:14  INFO    OGG-01851  filecaching started: thread ID: 140540492375808.

 

2019-04-16 15:51:14  INFO    OGG-01815  Virtual Memory Facilities for: COM

    anon alloc: mmap(MAP_ANON)  anon free: munmap

    file alloc: mmap(MAP_SHARED)  file free: munmap

    target directories:

    /ogg/app/oracle/oggma/12.3.0.1.4/DEPLOYMENT_LOCAL_tls2/LOCAL/var/temp/.

 

 

oracle@linuxvm01:/ogg/app/oracle/oggma/12.3.0.1.4/DEPLOYMENT_LOCAL_tls2/LOCAL/var/lib/conf % more adminsrvr-config.dat

% more adminsrvr-config.dat |python -m json.tool

{“config”:{“asynchronousOperationEnabled”:true,”authorizationDetails”:{“common”:{“allow”:[“Basic”,”x-Cert”]},”movingExpirationWindowSecs”:900,”sessionDurationSecs”:3600

,”useMovingExpirationWindow”:true},”authorizationEnabled”:true,”configHome”:”/ogg/app/oracle/oggma/12.3.0.1.4/DEPLOYMENT_LOCAL_tls2/LOCAL/etc/conf/”,”contentUrlR

ewrite”:”/$=/services/v2/content/index.html,/index.html=/services/v2/content/index.html,/content/$=/services/v2/content/index.html,/content$=/services/v2/content/index.

html,/content/=/services/v2/content/,/favicon.ico$=/services/v2/content/css/images/favicon.ico,/css/=/services/v2/content/css/,/js/=/services/v2/content/js/”,”defaultSy

nchronousWait”:30,”deploymentHome”:”/ogg/app/oracle/oggma/12.3.0.1.4/”,”legacyProtocolEnabled”:true,”network”:{“serviceListeningPort”:16101},”pathToDocRoot”:”/ogg_

home/app/oracle/oggma/12.3.0.1.4/lib/htdocs/adminsrvr”,”security”:true,”securityDetails”:{“network”:{“common”:{“authMode”:”clientOptional_server”,”blockSize”:4096,”cert

ACL”:[{“name”:”ANY “,”permission”:”allow”}],”cipherSuites”:[“TLS_RSA_WITH_AES_256_CBC_SHA”,”TLS_RSA_WITH_AES_128_CBC_SHA”,”SSL_RSA_WITH_RC4_128_SHA”,”SSL_RSA_WITH_RC4_1

28_MD5″,”SSL_RSA_WITH_3DES_EDE_CBC_SHA”],”crlEnabled”:false,”crlStore”:”file:”,”id”:”OracleSSL”,”protocolVersion”:”1_2_Or_1_1_Or_1_0_Or_3_0″,”role”:”server”,”wrl”:”file

:./etc/ssl/Deploy1/Server”},”inbound”:{“cipherSuites”:[“TLS_RSA_WITH_AES_128_CBC_SHA256″,”TLS_RSA_WITH_AES_256_CBC_SHA256″],”role”:”server”,”wrl”:”file:/ogg/app/or

acle/oggma/12.3.0.1.4/DEPLOYMENT_LOCAL_tls2/LOCAL/etc/ssl/linuxvm01″,”wrlPassword”:””},”outbound”:{“role”:”client”,”wrl”:”file:/ogg/app/oracle/oggma/12.3.0

.1.4/DEPLOYMENT_LOCAL_tls2/LOCAL/etc/ssl/oggmadistsrvr”,”wrlPassword”:””}}},”serverID”:”aed681bc-8440-4618-976f-0a3f20190e5e”,”serverIDShortLabel”:”rtaBvIRARhiXbwo/IB

kOXg”,”storeHome”:”/ogg/app/oracle/oggma/12.3.0.1.4/DEPLOYMENT_LOCAL_tls2/LOCAL/var/lib/conf/”,”taskManagerEnabled”:true,”workerThreadCount”:5}

}

 

1.2           Change TLS Cipher suites of distsrvr

./oggServiceConfig https://linuxvm01:18100 LOCAL distsrvr –user oggadmin –password Oracle1! –path /securityDetails/network/inbound/cipherSuites –value ‘[ “TLS_RSA_WITH_AES_128_CBC_SHA256”, “TLS_RSA_WITH_AES_256_CBC_SHA256” ]’

/usr/lib/python2.7/site-packages/urllib3/connectionpool.py:769: InsecureRequestWarning: Unverified HTTPS request is being made. Adding certificate verification is strongly advised. See: https://urllib3.readthedocs.org/en/latest/security.html

  InsecureRequestWarning)

Current value of “/securityDetails/network/inbound/cipherSuites” for “LOCAL/distsrvr” is <not defined>.

Setting new value and restarting service.

New value of “/securityDetails/network/inbound/cipherSuites” for “LOCAL/distsrvr” is

[

    “TLS_RSA_WITH_AES_128_CBC_SHA256”,

    “TLS_RSA_WITH_AES_256_CBC_SHA256”

].

 

1.3            Change TLS Cipher suites of recvsrvr

./oggServiceConfig https://linuxvm01:18100 LOCAL recvsrvr –user oggadmin –password Oracle1! –path /securityDetails/network/inbound/cipherSuites –value ‘[ “TLS_RSA_WITH_AES_128_CBC_SHA256”, “TLS_RSA_WITH_AES_256_CBC_SHA256” ]’

/usr/lib/python2.7/site-packages/urllib3/connectionpool.py:769: InsecureRequestWarning: Unverified HTTPS request is being made. Adding certificate verification is strongly advised. See: https://urllib3.readthedocs.org/en/latest/security.html

  InsecureRequestWarning)

Current value of “/securityDetails/network/inbound/cipherSuites” for “LOCAL/recvsrvr” is <not defined>.

Setting new value and restarting service.

New value of “/securityDetails/network/inbound/cipherSuites” for “LOCAL/recvsrvr” is

[

    “TLS_RSA_WITH_AES_128_CBC_SHA256”,

    “TLS_RSA_WITH_AES_256_CBC_SHA256”

].

cle@linuxvm01:/ogg/app/oracle/oggma/12.3.0.1.4/DEPLOYMENT_LOCAL/LOCAL/var/lib/conf % grep -i TLS_RSA_WITH_AES_128_CBC_SHA256 adminsrvr-config.da

{“config”:{“asynchronousOperationEnabled”:true,”authorizationDetails”:{“common”:{“allow”:[“Basic”,”x-Cert”]},”movingExpirationWindowSecs”:900,”sessionDurationSecs”:3600,”useMovingExpirationWindow”:true},”authorizationEnabled”:true,”configHome”:”/ogg/app/oracle/oggma/12.3.0.1.4/DEPLOYMENT_LOCAL/LOCAL/etc/conf/”,”contentUrlRewrite”:”/$=/services/v2/content/index.html,/index.html=/services/v2/content/index.html,/content/$=/services/v2/content/index.html,/content$=/services/v2/content/index.html,/content/=/services/v2/content/,/favicon.ico$=/services/v2/content/css/images/favicon.ico,/css/=/services/v2/content/css/,/js/=/services/v2/content/js/”,”defaultSynchronousWait”:30,”deploymentHome”:”/ogg/app/oracle/oggma/12.3.0.1.4/”,”legacyProtocolEnabled”:true,”network”:{“serviceListeningPort”:16001},”pathToDocRoot”:”/ogg/app/oracle/oggma/12.3.0.1.4/lib/htdocs/adminsrvr”,”security”:true,”securityDetails”:{“network”:{“common”:{“authMode”:”clientOptional_server”,”blockSize”:4096,”certACL”:[{“name”:”ANY “,”permission”:”allow”}],”cipherSuites”:[“TLS_RSA_WITH_AES_256_CBC_SHA”,”TLS_RSA_WITH_AES_128_CBC_SHA”,”SSL_RSA_WITH_RC4_128_SHA”,”SSL_RSA_WITH_RC4_128_MD5″,”SSL_RSA_WITH_3DES_EDE_CBC_SHA”],”crlEnabled”:false,”crlStore”:”file:”,”id”:”OracleSSL”,”protocolVersion”:”1_2_Or_1_1_Or_1_0_Or_3_0″,”role”:”server”,”wrl”:”file:./etc/ssl/Deploy1/Server”},”inbound”:{“cipherSuites”:[“TLS_RSA_WITH_AES_128_CBC_SHA256″,”TLS_RSA_WITH_AES_256_CBC_SHA256″],”role”:”server”,”wrl”:”file:/ogg/app/oracle/oggma/12.3.0.1.4/DEPLOYMENT_LOCAL/LOCAL/etc/ssl/linuxvm01″,”wrlPassword”:””},”outbound”:{“role”:”client”,”wrl”:”file:/ogg/app/oracle/oggma/12.3.0.1.4/DEPLOYMENT_LOCAL/LOCAL/etc/ssl/oggmadistsrvr”,”wrlPassword”:””}}},”serverID”:”e26fdc98-99d6-443b-b809-c879b5f10cc6″,”serverIDShortLabel”:”4m/cmJnWRDu4Cch5tfEMxg”,”storeHome”:”/ogg/app/oracle/oggma/12.3.0.1.4/DEPLOYMENT_LOCAL/LOCAL/var/lib/conf/”,”taskManagerEnabled”:true,”workerThreadCount”:5}

1.4            Change TLS Cipher suites of pmsrvr

./oggServiceConfig https://linuxvm01:18100 LOCAL pmsrvr –user oggadmin –password Oracle1! –path /securityDetails/network/inbound/cipherSuites –value ‘[ “TLS_RSA_WITH_AES_128_CBC_SHA256”, “TLS_RSA_WITH_AES_256_CBC_SHA256” ]’

/usr/lib/python2.7/site-packages/urllib3/connectionpool.py:769: InsecureRequestWarning: Unverified HTTPS request is being made. Adding certificate verification is strongly advised. See: https://urllib3.readthedocs.org/en/latest/security.html

  InsecureRequestWarning)

Current value of “/securityDetails/network/inbound/cipherSuites” for “LOCAL/pmsrvr” is <not defined>.

Setting new value and restarting service.

New value of “/securityDetails/network/inbound/cipherSuites” for “LOCAL/pmsrvr” is

[

    “TLS_RSA_WITH_AES_128_CBC_SHA256”,

    “TLS_RSA_WITH_AES_256_CBC_SHA256”

].

1.5         Check log

oracle@linuxvm01:/ogg/app/oracle/oggma/12.3.0.1.4/DEPLOYMENT_LOCAL_tls2/LOCAL/var/log % grep -i TLS_RSA_WITH_AES_128_CBC_SHA256 *

adminsrvr.log:2019-04-16T15:22:04.826+0000 INFO | Ciphersuite id & name: 0x003c – ‘TLS_RSA_WITH_AES_128_CBC_SHA256’. (main)

adminsrvr.log:2019-04-16T15:40:38.997+0000 INFO | Ciphersuite id & name: 0x003c – ‘TLS_RSA_WITH_AES_128_CBC_SHA256’. (main)

adminsrvr.log:2019-04-16T15:40:39.006+0000 INFO | Cipher installed: 0x003c – ‘TLS_RSA_WITH_AES_128_CBC_SHA256’. (main)

adminsrvr.log:2019-04-16T15:51:13.937+0000 INFO | Ciphersuite id & name: 0x003c – ‘TLS_RSA_WITH_AES_128_CBC_SHA256’. (main)

adminsrvr.log:2019-04-16T15:51:13.949+0000 INFO | Cipher installed: 0x003c – ‘TLS_RSA_WITH_AES_128_CBC_SHA256’. (main)

distsrvr.log:2019-04-16T15:22:05.400+0000 INFO | Ciphersuite id & name: 0x003c – ‘TLS_RSA_WITH_AES_128_CBC_SHA256’. (main)

distsrvr.log:2019-04-16T15:51:14.435+0000 INFO | Ciphersuite id & name: 0x003c – ‘TLS_RSA_WITH_AES_128_CBC_SHA256’. (main)

distsrvr.log:2019-04-16T16:06:21.522+0000 INFO | Ciphersuite id & name: 0x003c – ‘TLS_RSA_WITH_AES_128_CBC_SHA256’. (main)

distsrvr.log:2019-04-16T16:06:21.543+0000 INFO | Cipher installed: 0x003c – ‘TLS_RSA_WITH_AES_128_CBC_SHA256’. (main)

pmsrvr.log:2019-04-16T15:22:05.088+0000 INFO | Ciphersuite id & name: 0x003c – ‘TLS_RSA_WITH_AES_128_CBC_SHA256’. (main)

pmsrvr.log:2019-04-16T15:51:14.309+0000 INFO | Ciphersuite id & name: 0x003c – ‘TLS_RSA_WITH_AES_128_CBC_SHA256’. (main)

pmsrvr.log:2019-04-16T16:11:55.724+0000 INFO | Ciphersuite id & name: 0x003c – ‘TLS_RSA_WITH_AES_128_CBC_SHA256’. (main)

pmsrvr.log:2019-04-16T16:11:55.724+0000 INFO | Cipher installed: 0x003c – ‘TLS_RSA_WITH_AES_128_CBC_SHA256’. (main)

recvsrvr.log:2019-04-16T15:22:04.926+0000 INFO | Ciphersuite id & name: 0x003c – ‘TLS_RSA_WITH_AES_128_CBC_SHA256’. (main)

recvsrvr.log:2019-04-16T15:51:13.854+0000 INFO | Ciphersuite id & name: 0x003c – ‘TLS_RSA_WITH_AES_128_CBC_SHA256’. (main)

recvsrvr.log:2019-04-16T16:10:50.856+0000 INFO | Ciphersuite id & name: 0x003c – ‘TLS_RSA_WITH_AES_128_CBC_SHA256’. (main)

recvsrvr.log:2019-04-16T16:10:50.856+0000 INFO | Cipher installed: 0x003c – ‘TLS_RSA_WITH_AES_128_CBC_SHA256’. (main)

 

 

1.6         Add distpath

ADD DISTPATH path1 SOURCE trail://127.0.0.1:16102/services/v2/sources?trail=/ogg/app/oracle/oggma/12.3.0.1.4/DEPLOYMENT_LOCAL_tls2/LOCAL/var/lib/data/TS  TARGET wss://linuxvm01:16103/services/v2/targets?trail=/ogg/app/oracle/oggma/12.3.0.1.4/DEPLOYMENT_LOCAL_tls2/LOCAL/var/lib/data/TS

 

oracle@linuxvm01:/ogg/app/oracle/oggma/12.3.0.1.4/DEPLOYMENT_LOCAL_tls2/LOCAL/var/log % tail -f  distsrvr.log

2019-04-16T16:21:25.010+0000 INFO | 5 ciphers installed. (path1)

2019-04-16T16:21:25.010+0000 INFO | Cipher installed: 0x003c – ‘TLS_RSA_WITH_AES_128_CBC_SHA256’. (path1)

2019-04-16T16:21:25.010+0000 INFO | Cipher installed: 0x003d – ‘TLS_RSA_WITH_AES_256_CBC_SHA256’. (path1)

2019-04-16T16:21:25.010+0000 INFO | Cipher installed: 0x0005 – ‘SSL_RSA_WITH_RC4_128_SHA’. (path1)

2019-04-16T16:21:25.010+0000 INFO | Cipher installed: 0x0004 – ‘SSL_RSA_WITH_RC4_128_MD5’. (path1)

2019-04-16T16:21:25.010+0000 INFO | Cipher installed: 0x000a – ‘SSL_RSA_WITH_3DES_EDE_CBC_SHA’. (path1)

2019-04-16T16:21:25.092+0000 INFO | Negotiated cipher: 0x003c – ‘TLS_RSA_WITH_AES_128_CBC_SHA256’. (path1)

2019-04-16T16:21:26.316+0000 INFO | INFO    OGG-01892  Oracle GoldenGate Distribution Server for Oracle:  Distribution path network is configured as

 

                                                      OS DEFAULT          SPECIFIED           ACTUAL VALUE

                                      APP_FLUSHBYTES    27985               N/A                 27985

                                       APP_FLUSHSECS    1                   N/A                 1

                                             IP_DSCP    DEFAULT             N/A                 DEFAULT

                                              IP_TOS    DEFAULT             N/A                 DEFAULT

                                         TCP_NODELAY    0                   N/A                 0

                                        TCP_QUICKACK    1                   1                   1

                                            TCP_CORK    0                   N/A                 0

                                           SO_SNDBUF    16384               N/A                 16384

                                           SO_RCVBUF    87380               N/A                 87380. (path1)

2019-04-16T16:21:26.435+0000 INFO | INFO    OGG-01052  Oracle GoldenGate Distribution Server for Oracle:  No recovery is required for target file /ogg/app/oracle/oggma/12.3.0.1.4/DEPLOYMENT_LOCAL_tls2/LOCAL/var/lib/data/TS000000000, at RBA 0 (file not opened). (path1)

2019-04-16T16:21:26.492+0000 INFO | INFO    OGG-02243  Oracle GoldenGate Distribution Server for Oracle:  Opened trail file /ogg/app/oracle/oggma/12.3.0.1.4/DEPLOYMENT_LOCAL_tls2/LOCAL/var/lib/data/TS000000000 at 2019-04-16 16:21:26.492925. (path1)

2019-04-16T16:21:26.492+0000 INFO | Response returned with HTTP/1.1 200 OK 509 (Thread 8)

 

1.7         View the configuration

oracle@linuxvm01:/ogg/app/oracle/oggma/12.3.0.1.4/DEPLOYMENT_LOCAL_tls2/ServiceManager/var/lib/conf % grep -i TLS *

ServiceManager-config.dat:{“config”:{“asynchronousOperationEnabled”:true,”authorizationDetails”:{“common”:{“allow”:[“Basic”,”x-Cert”]},”movingExpirationWindowSecs”:900,”sessionDurationSecs”:3600,”useMovingExpirationWindow”:true},”authorizationEnabled”:true,”configHome”:”/ogg/app/oracle/oggma/12.3.0.1.4/DEPLOYMENT_LOCAL_tls2/ServiceManager/etc/conf/”,”contentUrlRewrite”:”/$=/services/v2/content/index.html,/index.html=/services/v2/content/index.html,/content/$=/services/v2/content/index.html,/content$=/services/v2/content/index.html,/content/=/services/v2/content/,/favicon.ico$=/services/v2/content/css/images/favicon.ico,/css/=/services/v2/content/css/,/js/=/services/v2/content/js/”,”defaultSynchronousWait”:30,”deploymentHome”:”/ogg/app/oracle/oggma/12.3.0.1.4/”,”inventoryLocation”:”/ogg/app/oracle/oggma/12.3.0.1.4/DEPLOYMENT_LOCAL_tls2/ServiceManager/etc/conf”,”legacyProtocolEnabled”:false,”network”:{“serviceListeningPort”:18100},”pathToDocRoot”:”/ogg/app/oracle/oggma/12.3.0.1.4/lib/htdocs/ServiceManager”,”security”:true,”securityDetails”:{“network”:{“common”:{“authMode”:”server_only”,”blockSize”:4096,”certACL”:[{“name”:”ANY “,”permission”:”allow”}],”cipherSuites”:[“TLS_RSA_WITH_AES_256_CBC_SHA”,”TLS_RSA_WITH_AES_128_CBC_SHA”,”SSL_RSA_WITH_RC4_128_SHA”,”SSL_RSA_WITH_RC4_128_MD5″,”SSL_RSA_WITH_3DES_EDE_CBC_SHA”],”crlEnabled”:false,”crlStore”:”file:”,”id”:”OracleSSL”,”protocolVersion”:”1_2_Or_1_1_Or_1_0_Or_3_0″,”role”:”server”,”wrl”:”file:./etc/ssl/Deploy1/Server”},”inbound”:{“role”:”server”,”wrl”:”file:/ogg/app/oracle/oggma/12.3.0.1.4/DEPLOYMENT_LOCAL_tls2/ServiceManager/etc/ssl/linuxvm01″,”wrlPassword”:””}}},”serverID”:”c6279ef4-2b02-452f-bc8a-5e33e4033bdd”,”serverIDShortLabel”:”xiee9CsCRS+8il4z5AM73Q”,”storeHome”:”/ogg/app/oracle/oggma/12.3.0.1.4/DEPLOYMENT_LOCAL_tls2/ServiceManager/var/lib/conf/”,”workerThreadCount”:5}

 

oracle@linuxvm01:/home/oracle % ./oggServiceConfig https://linuxvm01:18100 LOCAL adminsrvr –user oggadmin –password Oracle1!

/usr/lib/python2.7/site-packages/urllib3/connectionpool.py:769: InsecureRequestWarning: Unverified HTTPS request is being made. Adding certificate verification is strongly advised. See: https://urllib3.readthedocs.org/en/latest/security.html

  InsecureRequestWarning)

Current value of “/” for “LOCAL/adminsrvr” is

{

    “authorizationDetails”: {

        “common”: {

            “allow”: [

                “Basic”,

                “x-Cert”

            ]

        }

    },

    “authorizationEnabled”: true,

    “legacyProtocolEnabled”: true,

    “network”: {

        “serviceListeningPort”: 16101

    },

    “security”: true,

    “securityDetails”: {

        “network”: {

            “common”: {

                “authMode”: “clientOptional_server”,

                “blockSize”: 4096,

                “cipherSuites”: [

                    “TLS_RSA_WITH_AES_256_CBC_SHA”,

                    “TLS_RSA_WITH_AES_128_CBC_SHA”,

                    “SSL_RSA_WITH_RC4_128_SHA”,

                    “SSL_RSA_WITH_RC4_128_MD5”,

                    “SSL_RSA_WITH_3DES_EDE_CBC_SHA”

                ],

                “crlEnabled”: false,

                “crlStore”: “file:”,

                “id”: “OracleSSL”,

                “protocolVersion”: “1_2_Or_1_1_Or_1_0_Or_3_0”

            },

            “inbound”: {

                “cipherSuites”: [

                    “TLS_RSA_WITH_AES_128_CBC_SHA256”,

                    “TLS_RSA_WITH_AES_256_CBC_SHA256”

                ],

                “role”: “server”,

                “wrl”: “file:/ogg/app/oracle/oggma/12.3.0.1.4/DEPLOYMENT_LOCAL_tls2/LOCAL/etc/ssl/linuxvm01”,

                “wrlPassword”: “”

            },

            “outbound”: {

                “role”: “client”,

                “wrl”: “file:/ogg/app/oracle/oggma/12.3.0.1.4/DEPLOYMENT_LOCAL_tls2/LOCAL/etc/ssl/oggmadistsrvr”,

                “wrlPassword”: “”

            }

        }

    },

    “taskManagerEnabled”: true,

    “workerThreadCount”: 5

}

 

 

 

 

 

2         Create new OGG MA deployment with TLS1.2(TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_256_CBC_SHA256)

Edit response file:

 

#——————————————————————————-

# Specify the Cipher Suites to be used for SSL.

#——————————————————————————-

CIPHER_SUITES=TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_256_CBC_SHA256

#TLS_RSA_WITH_AES_256_CBC_SHA,TLS_RSA_WITH_AES_128_CBC_SHA,SSL_RSA_WITH_RC4_128_SHA,SSL_RSA_WITH_RC4_128_MD5,SSL_RSA_WITH_3DES_EDE_CBC_SHA

 

Leave a Reply

Your email address will not be published. Required fields are marked *