This chapter describes the features and improvements in Oracle HTTP Server. The following topics introduce the new and changed features of Oracle HTTP Server and other significant changes in the guides, and provides pointers to additional information.
This section describes the new features added to Oracle HTTP Server.
The current release of Oracle HTTP Server and Oracle Web Cache adds support for the TLSv1.1 and TSLv1.2 security protocols and the following ciphers. For the complete list of security protocols and ciphers supported by the current release of Oracle HTTP Server, see SSLProtocol and SSLCipherSuite in Oracle Fusion Middleware Administrator's Guide for Oracle HTTP Server.
This section describes changes to ciphers and security protocols.
If you are upgrading from an Oracle HTTP Server 10g or 11.1.1.x release to 220.127.116.11, Oracle recommends that you review the ciphers used in your configuration. Oracle HTTP Server has removed support for certain weak ciphers in this release. If these weak ciphers are used in your SSL configuration, then the server might fail to start or the request from clients that use these ciphers will be denied. To correct this, update the SSLCipherSuite directive with the correct ciphers. For more information on the supported ciphers in 18.104.22.168 release, see SSLCipherSuite in Administrator's Guide for Oracle HTTP Server.
The following example illustrates a
SSLCipherSuite configuration using all of the valid ciphers for the 22.214.171.124 release (Note that the ciphers should be entered as a comma-delimited list: no spaces between the comma and the cipher name and no line breaks. Line breaks have been added to the following example only for readability):
SSLCipherSuite SSL_RSA_WITH_RC4_128_MD5,SSL_RSA_WITH_RC4_128_SHA,SSL_RSA_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_AES_128_CBC_SHA,SSL_RSA_WITH_AES_256_CBC_SHA,TLS_RSA_WITH_AES_128_CBC_SHA256, TLS_RSA_WITH_AES_256_CBC_SHA256,TLS_RSA_WITH_AES_128_GCM_SHA256,TLS_RSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
Because of security concerns, the SSLv3 security protocol is disabled out-of-the-box in the Oracle HTTP Server 126.96.36.199 release.
If you are upgrading from an earlier release of Oracle HTTP Server, the SSLv3 and/or SSLv2 security protocol might be a part of your configuration. Oracle strongly recommends that you disable any SSLv3 or SSLv2 from Oracle HTTP Server. For more information, see Disable SSLv2 and SSLv3 Security Protocols in Administrator's Guide for Oracle HTTP Server.
The SSLv3 security protocol is not supported by default. thus it does not appear in the SSL configuration screen in Fusion Middleware Control.
Remove the cipher
SSL_RSA_WITH_DES_CBC_SHA if it appears in your configuration. This cipher is not supported in the 188.8.131.52 release.
Oracle HTTP Server has deprecated the following features: