Node Manager

To allow the Node Manager to use stronger ciphers, the WebLogic Server version must be at least 10.3.6.0.10, 12.1.2.0.4 or 12.1.3.0.3 (which are PSU versions delivered early 2015; see Document 1470197.1 on My Oracle Support for the latest). The nodemanager.properties may be used to customize ciphers, but will not work correctly with Node Manager unless the PSUs are applied. After the PSU is applied and JDK updated, it is recommended to allow the default processing to take place.

Use caution if setting this manually. You need to discover all supported ciphers with which the Node Manager needs to perform a handshake, including other internal middleware processes. By default, it is not required to update the ciphers for null, under 128-bit, weak, or vulnerabilities if you are updating the JDK and applying PSUs. A manual configuration is not recommended unless you have a strict business requirement to use a specific cipher suite.

1. Open nodemanager.properties file.

2. Access the following parameter and enter a cipher:

   CipherSuite=enter_a_cipher_of_your_choice_here

3. Locate your startnodemanager script file called startNodeManager.sh or startNodemanager.cmd, which you can usually find in the WLS_HOME/server/bin directory.

4. Add the flag for your JAVA_OPTIONS to your startnodemanger script file:

   -Dweblogic.security.SSL.Ciphersuites=enter_a_cipher_of_your_choice_here

Note: See Document 2286346.1 "Securing Node Manager Port with High Level SSL Ciphers and Disabling Undesired Algorithms" on My Oracle Support (https:\\support.oracle.com).