Disabling Weak Cipher Suites Globally Through Java

You can disable weak cipher suites globally through Java. The JAVA_HOME directory contains a security file, java.security, in which you can disable weak cipher suites. Any software that uses this Java installation, such as Oracle WebLogic Server, will then have them disabled.

Note: If you have the latest JDK, this is done automatically.

To disable weak cipher suites such as DES and 3DES (named DESede in Java) globally through Java:

  1. At a command prompt, access the java.security file:

    JAVA_HOME/jre/lib/security/java.security

  2. Open the java.security file and locate the following parameter:

    jdk.tls.disabledAlgorithms=SSLv3, RC4, MD5withRSA, DH keySize < 768

  3. In this line, after =SSLv3, add DES and DESede so that the line looks like this:

    jdk.tls.disabledAlgorithms=SSLv3, DES, DESede, RC4, MD5withRSA, DH keySize < 768

  4. Verify that weak cipher suites have been disabled. See Verifying Weak Cipher Suites Have Been Disabled.
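
A quick check of the edit made in step 3, as an added example that is not part of the original page or of Oracle's tooling: it reads the effective jdk.tls.disabledAlgorithms value and reports required entries that are missing. The value may be split across backslash-continued lines, which a single-line grep would miss. The function names and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit jdk.tls.disabledAlgorithms in a java.security file.
# Function names and the sample file are constructed for illustration.

# Print the effective property value from the file in $1. Comment lines are
# skipped, backslash-continued lines are joined, and the last definition wins.
disabled_algorithms() {
    awk '
        { sub(/\r$/, "") }                          # tolerate CRLF files
        !cont && /^[ \t]*([#!]|$)/ { next }         # comment or blank line
        {
            line = $0
            sub(/^[ \t]+/, "", line)                # leading blanks are dropped
            if (cont) buf = buf line; else buf = line
            if (buf ~ /\\$/) { sub(/\\$/, "", buf); cont = 1; next }
            cont = 0
            if (buf ~ /^jdk\.tls\.disabledAlgorithms[ \t]*[=:]/) {
                sub(/^[^=:]*[=:][ \t]*/, "", buf)
                value = buf
            }
        }
        END { print value }
    ' "$1"
}

# Print every name given after the file argument that is not a list entry.
# Entries are compared whole, so "DESede" does not satisfy a check for "DES".
missing_algorithms() {
    file=$1; shift
    entries=$(disabled_algorithms "$file" | tr ',' '\n' |
              sed 's/^[[:space:]]*//; s/[[:space:]]*$//')
    for alg in "$@"; do
        printf '%s\n' "$entries" | grep -qxF -- "$alg" || printf '%s\n' "$alg"
    done
}

# Constructed sample: the unmodified line from step 2, split with a continuation.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# constructed sample, not a real java.security file
jdk.tls.disabledAlgorithms=SSLv3, RC4, MD5withRSA, \
    DH keySize < 768
EOF
echo "missing before the edit: $(missing_algorithms "$sample" DES DESede | tr '\n' ' ')"
rm -f "$sample"
```

To audit an installation, call missing_algorithms with the path from step 1 followed by DES DESede; empty output means both entries are present.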