Manually Configuring SSL Cipher Suite

The default SSL configuration uses default cipher suite negotiation. You can configure the system to use a different cipher suite if your organization's security standards do not allow for the default choice. You can view the default choice in the output from the SSL status report.

This advanced option involves editing a configuration file. Be careful to observe the syntactic conventions of this file type.

A manually configured SSL environment can co-exist with a default SSL configuration.

To manually configure SSL cipher suite:

1. Configure SSL.
2. Select the desired Java Cipher Suite name from the options located at https://download.oracle.com/javase/1.5.0/docs/guide/security/jsse/JSSERefGuide.html#AppA.
3. Create an Open SSL Cipher Suite Name that matches the cipher suite chosen, using the list at http://www.openssl.org/docs/apps/ciphers.html#CIPHER_LIST_FORMAT.

   For example, Java Cipher Suite name SSL_RSA_WITH_RC4_128_SHA maps to Open SSL: RSA+RC4+SHA.

4. Edit the bi-ssl.xml file located at:

   <DOMAIN_HOME>/config/fmwconfig/core/ssl/bi-ssl.xml

   and add following sub-element to the JavaHost/Listener/SSL element. For example:

   <EnabledCipherSuites>SSL_RSA_WITH_RC4_128_SHA</EnabledCipherSuites>
   

5. Restart the Oracle Business Intelligence components using:

   ./start.sh
   

   For more information, see "Starting and Stopping Oracle Business Intelligence System Components" in System Administrator's Guide for Oracle Business Intelligence Enterprise Edition.