Disabling Weak Cipher Suites Globally Through Java
You can disable weak cipher suites globally through Java. The JAVA_HOME directory has a security file in which you can disable weak cipher suites. Any software, such as Oracle WebLogic Server, that uses this installation of Java will then have them disabled.
To disable weak cipher suites such as DES and 3DES globally through Java:
At a command prompt, access the java.security file:
JAVA_HOME/jre/lib/security/java.security
Open the java.security file and locate the following parameter:
jdk.tls.disabledAlgorithms=SSLv3, RC4, MD5withRSA, DH keySize < 768
In this line, after =SSLv3, add DES and DESede so that the line looks like this:
jdk.tls.disabledAlgorithms=SSLv3, DES, DESede, RC4, MD5withRSA, DH keySize < 768
Verify that weak cipher suites have been disabled. See Verifying Weak Cipher Suites Have Been Disabled.
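A scripted check of the file edit described in the steps above, as an added example that is not part of the original documentation: it reads jdk.tls.disabledAlgorithms from a java.security file and confirms that DES and DESede are both listed as whole entries. The function names and the sample file are constructed for illustration, and the check covers only the configuration file, not the verification procedure referenced above.

```shell
#!/bin/sh
# Added example (not Oracle tooling). The sample file below is constructed.

# Print the effective jdk.tls.disabledAlgorithms value from file $1.
# Skips comment lines, joins backslash continuations, last definition wins.
disabled_algorithms() {
    awk '
        !cont && /^[ \t]*#/ { next }
        !cont && /^[ \t]*jdk\.tls\.disabledAlgorithms[ \t]*=/ {
            val = ""; line = $0; sub(/^[^=]*=/, "", line); take = 1
        }
        cont { line = $0; take = 1 }
        take {
            cont = (line ~ /\\$/)      # trailing backslash: value continues
            sub(/\\$/, "", line)
            val = val line
            take = 0
        }
        END { print val }
    ' "$1"
}

# Succeed if $2 is one whole comma-separated entry of list $1.
# Whole-entry matching matters: "DESede" contains "DES", so a substring
# search would report DES as disabled when only DESede is listed.
has_entry() {
    printf '%s\n' "$1" | tr ',' '\n' |
        sed 's/^[[:space:]]*//; s/[[:space:]]*$//' |
        grep -qxF -- "$2"
}

# Exit status 0 only if both DES and DESede are listed in file $1.
weak_ciphers_disabled() {
    list=$(disabled_algorithms "$1")
    has_entry "$list" DES && has_entry "$list" DESede
}

# Constructed sample: the edited line from the steps, split with a continuation.
sample=$(mktemp)
cat > "$sample" <<'EOF'
#jdk.tls.disabledAlgorithms=SSLv3
jdk.tls.disabledAlgorithms=SSLv3, DES, DESede, RC4, \
    MD5withRSA, DH keySize < 768
EOF
weak_ciphers_disabled "$sample" && echo "DES and DESede are disabled"
rm -f "$sample"
```

To check a real installation, call weak_ciphers_disabled with the path to its java.security file and test the exit status.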