Disabling Weak Cipher Suites

Weak cipher suites are vulnerable to cyber attacks and therefore can expose a security gap. This section describes two different methods for handling weak cipher suites:

• Explicitly Configuring Ciphers in Oracle WebLogic Server

  This is a one-time, but tedious and lengthy process.

• Disabling Weak Cipher Suites Globally Through Java

  This method is easier, but must be repeated each time you receive a Java update.

Regardless of the method you choose, after disabling weak cipher suites, confirm the cipher suite has been disabled as described in Verifying Weak Cipher Suites Have Been Disabled.

See also: Refer to Document 1067411.1 on My Oracle Support (https:\\support.oracle.com) for information about anonymous and weak SSL cipher suites in Oracle WebLogic Server. This document includes considerations and guidelines for Oracle Fusion Middleware products.