2 What's New in this Release

This chapter describes the features and improvements in Oracle HTTP Server. The following topics introduce the new and changed features of Oracle HTTP Server and other significant changes in the guides, and provides pointers to additional information.

New Features

This section describes the new features added to Oracle HTTP Server.

New Security Protocols and Ciphers for the Current Release

The current release of Oracle HTTP Server and Oracle Web Cache adds support for the TLSv1.1 and TSLv1.2 security protocols and the following ciphers. For the complete list of security protocols and ciphers supported by the current release of Oracle HTTP Server, see SSLProtocol and SSLCipherSuite in Oracle Fusion Middleware Administrator's Guide for Oracle HTTP Server.











Changes Related to Security Protocols

This section describes changes to ciphers and security protocols.

Post-Patching/Post-Upgrade Instructions for SSLCipherSuite Directive

If you are upgrading from an Oracle HTTP Server 10g or 11.1.1.x release to, Oracle recommends that you review the ciphers used in your configuration. Oracle HTTP Server has removed support for certain weak ciphers in this release. If these weak ciphers are used in your SSL configuration, then the server might fail to start or the request from clients that use these ciphers will be denied. To correct this, update the SSLCipherSuite directive with the correct ciphers. For more information on the supported ciphers in release, see SSLCipherSuite in Administrator's Guide for Oracle HTTP Server.

The following example illustrates a SSLCipherSuite configuration using all of the valid ciphers for the release (Note that the ciphers should be entered as a comma-delimited list: no spaces between the comma and the cipher name and no line breaks. Line breaks have been added to the following example only for readability):


Disable SSLv2 and SSLv3 Security Protocols

Because of security concerns, the SSLv3 security protocol is disabled out-of-the-box in the Oracle HTTP Server release.

If you are upgrading from an earlier release of Oracle HTTP Server, the SSLv3 and/or SSLv2 security protocol might be a part of your configuration. Oracle strongly recommends that you disable any SSLv3 or SSLv2 from Oracle HTTP Server. For more information, see Disable SSLv2 and SSLv3 Security Protocols in Administrator's Guide for Oracle HTTP Server.

Changes to SSL Configuration Screens in Fusion Middleware Control

  • The SSLv3 security protocol is not supported by default. thus it does not appear in the SSL configuration screen in Fusion Middleware Control.

  • Remove the cipher SSL_RSA_WITH_DES_CBC_SHA if it appears in your configuration. This cipher is not supported in the release.

See also FMW Infrastructure Does Not Support Certain Protocols and Ciphers.

Deprecated Features

Oracle HTTP Server has deprecated the following features:

mod_charset_lite Module has been Deprecated

The mod_charset_lite module has been deprecated in the current release. It will be removed from future releases.