AnsweredAssumed Answered

Protocol or cipher mismatch

Question asked by michael chiang on Nov 26, 2014
Latest reply on Dec 3, 2014 by Dave Garrett

Hi,

 

I am a newbie in the SSL area. However, due to the recent POODLE incident, we have to disable SSLv3 protoco and only accept TLS1.0l. After i change the ssl.conf file in my OC4J OHS (OC4J version is 10.1.3.1), and perform the testing under ssl-labs, i got the attached result. And most of browsers cannot open my page. Kindly please advice what should we fix. Thanks.

SSLEngine on

SSLProtocol All -SSLv2 -SSLv3

SSLCipherSuite EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA+SHA384:EECDH+ECDSA+SHA256:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH+aRSA+RC4:EECDH:EDH+aRSA:DES-CBC3-SHA:!ECDHE-RSA-DES-CBC3-SHA:!aNULL:!eNULL:!LOW:3DES:!EXP:!PSK:!SRP:!DSS

Attachments

Outcomes