Oracle Commerce Guided Search - Steps to enable the SSL 3.0 and TLS 1.0 protocols for Platform Services (2024)

Steps to enable the SSL 3.0 and TLS 1.0 protocols for Platform Services

Steps to enable the SSL 3.0 protocol for Forge

Parallel Forge

Steps to enable the SSL 3.0 protocol for Log Server

Note

If you enable SSL 3.0 and TLS 1.0 -- for compatibility or any other reason -- you thereby make your application vulnerable to the serious threats against which TLSv1.1 and TLSv1.2 provide protection.

To enable the SSL 3.0 protocol, follow these steps:

Openserver.xml at %ENDECA_TOOLS_ROOT%\server\workspace\conf.

Change sslEnabledProtocols tosslEnabledProtocols="SSLv3.0" in the SSL connector.

<Connector port="8443" SSLEnabled="true" protocol="org.apache.coyote.http11.Http11Protocol" maxPostSize="0" maxThreads="150" scheme="https" secure="true" clientAuth="true" sslEnabledProtocols="SSLv3" keystoreFile="cert.ks" keystorePass="eacpass" truststoreFile="ca.ks" truststorePass="eacpass" URIEncoding="UTF-8"

Open java.security file in %ENDECA_TOOLS_ROOT%/server/j2sdk/jre/lib/security.
Uncomment the jdk.tls.disabledAlgorithms property and disable all protocols except SSLv3: "jdk.tls.disabledAlgorithms=TLSv1, TLSv1.1,TLSv1.2".
See Also
How to Fix the “SSL Handshake Failed” and "Cloudflare 525" Error (5 Methods)Support Steps to disable SSLv3 protocol (POODLE VULNERABILITY) on Appservers that are supported by Identity Manager How Do I Disable SSL for a Database?_Database Security Service_Huawei Cloud
Restart the Tools and Frameworks server.

To enable the TLS 1.0 protocol, follow these steps:

Openserver.xml at %ENDECA_TOOLS_ROOT%\server\workspace\conf.

Change sslEnabledProtocols tosslEnabledProtocols="TLSv1" in the SSL connector.

<Connector port="8443" SSLEnabled="true" protocol="org.apache.coyote.http11.Http11Protocol" maxPostSize="0" maxThreads="150" scheme="https" secure="true" clientAuth="true" sslEnabledProtocols="TLSv1" keystoreFile="cert.ks" keystorePass="eacpass" truststoreFile="ca.ks" truststorePass="eacpass" URIEncoding="UTF-8"

Open java.security file in %ENDECA_TOOLS_ROOT%/server/j2sdk/jre/lib/security.
Uncomment the jdk.tls.disabledAlgorithms property and disable all other protocols except TLSv1:
```
jdk.tls.disabledAlgorithms=SSLv3, TLSv1.1, TLSv1.2
```
Restart the Tools and Frameworks server.

Note

When the SSLv3 protocol is enabled for Forge, it must also be enabled for both Platform Services and Tools and Frameworks.

Open DataIngest.xml file at APP_NAME/config/script.
See Also
Qualys Discussions

Pass extra argument "-sslv3" in "args" argument for Forge component.

<forge id="Forge" host-id="ITLHost"> <properties> <property name="numStateBackups" value="10" /> <property name="numLogBackups" value="10" /> </properties> <directories> <directory name="incomingDataDir">./data/incoming</directory> <directory name="configDir">./config/pipeline</directory> <directory name="wsTempDir">./data/workbench/temp</directory> </directories> <args> <arg>-vw</arg> <arg>--sslv3</arg> </args> <log-dir>./logs/forges/Forge</log-dir> <input-dir>./data/processing</input-dir> <output-dir>./data/forge_output</output-dir> <state-dir>./data/state</state-dir> <temp-dir>./data/temp</temp-dir> <num-partitions>1</num-partitions> <pipeline-file>./data/processing/pipeline.epx</pipeline-file> <ssl-config bean="sslConfig" ref="globalSslConfig"/> <!-- <credentials-map>CREDENTIALS_MAP</credentials-map> <jps-config-path>JPSCONFIG_LOCATION</jps-config-path> <opss-jars-dir>OPSS_JARS_DIR</opss-jars-dir> --> </forge>

Modify the "globalSslConfig" in APP_NAME/config/script/AppConfig.xml file to pass the ciphers that are supported for Forge when SSLv3 protocol is enabled.
Verify that the warning message "SSLv3 is enabled" is logged in apps\APP_NAME\logs\forges\Forge\Forge.log.

Note

The following ciphers are supported for Forge when the SSLv3 protocol is enabled.

AES128-sha
RC4-md5
RC4-sha

To enable SSLv3 during Parallel Forge execution, add -sslv3 to the arguments while starting Forge as server and Forge as client.

Note

When the SSLv3 protocol is enabled for the Logserver, it must also be enabled for both Platform Services and Tools and Frameworks.

Open the ReportGeneration.xml file in APP_NAME/config/script.

Specify "-sslv3" in an <arg> element:.

<logserver id="LogServer" host-id="ReportGenerationHost" port="15010"> <properties> <property name="numLogBackups" value="10" /> <property name="targetReportGenDir" value="./reports/input" /> <property name="targetReportGenHostId" value="ReportGenerationHost" /> </properties> <args> <arg> --sslv3 </arg> <args> <log-dir>./logs/logservers/LogServer</log-dir> <output-dir>./logs/logserver_output</output-dir> <startup-timeout>120</startup-timeout> <gzip>false</gzip></logserver>

Modify the "globalSslConfig" in APP_NAME/config/script/AppConfig.xml file to pass the ciphers that are supported for Logserver when the SSLv3 protocol is enabled. These ciphers are:
- AES128-sha
- RC4-md5
- RC4-sha
A warning message "SSLv3 is enabled" is logged in apps/APPNAME/logs\Logserver\Logserver.log.