Ironport Cipher Suites external address allows 56-bit DES

Similar Messages

• Help enabling AES 256-bit cipher suites

  I can't seem to create an SSLServerSocket with the 2 AES 256-bit cipher suites that are supposed to be available in JDK1.4.2. As you can see in the following code, the SSLServerSocket, ss, is enabled with the 2 AES_256 cipher suites. But, when ss.getEnabledCipherSuites() is invoked, those 2 suites aren't listed. What's up?
  Also, what is this SSLv2Hello that I can't seem to get rid of?
      String[] PROTOCOLS = {"SSLv3", "TLSv1"};
      String[] CIPHER_SUITES = {"TLS_DHE_RSA_WITH_AES_256_CBC_SHA",
                                "TLS_DHE_RSA_WITH_AES_128_CBC_SHA",
                                "SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA",
                                "TLS_RSA_WITH_AES_256_CBC_SHA",
                                "TLS_RSA_WITH_AES_128_CBC_SHA",
                                "SSL_RSA_WITH_3DES_EDE_CBC_SHA"};// create an SSLServerSocket ss
          SSLContext context = SSLContext.getInstance("TLS", "SunJSSE");
          context.init(myKeyManagers, myTrustManagers, SecureRandom.getInstance("SHA1PRNG", "SUN"));
          SSLServerSocketFactory ssFactory = context.getServerSocketFactory();
          SSLServerSocket ss = ssFactory.createServerSocket();
          ss.setEnabledProtocols(PROTOCOLS);
          ss.setEnabledCipherSuites(CIPHER_SUITES);// output a bunch of useful debugging information
          System.out.println(System.getProperty("java.version") + "\n");
          Provider[] providers = Security.getProviders();
          for(int i=0; i < providers.length; ++i)
              System.out.println(providers[i] + "\n" + providers.getInfo() + "\n********************");
  String[] enabledProtocols = ss.getEnabledProtocols();
  for(int i=0; i < enabledProtocols.length; ++i)
  System.out.println(enabledProtocols[i]);
  String[] enabledCipherSuites = ss.getEnabledCipherSuites();
  for(int i=0; i < enabledCipherSuites.length; ++i)
  System.out.println(enabledCipherSuites[i]);
  OUTPUT
  1.4.2
  SUN version 1.42
  SUN (DSA key/parameter generation; DSA signing; SHA-1, MD5 digests; SecureRandom; X.509 certificates; JKS keystore; PKIX CertPathValidator; PKIX CertPathBuilder; LDAP, Collection CertStores)
  SunJSSE version 1.42
  Sun JSSE provider(implements RSA Signatures, PKCS12, SunX509 key/trust factories, SSLv3, TLSv1)
  SunRsaSign version 1.42
  SUN's provider for RSA signatures
  SunJCE version 1.42
  SunJCE Provider (implements DES, Triple DES, AES, Blowfish, PBE, Diffie-Hellman, HMAC-MD5, HMAC-SHA1)
  SunJGSS version 1.0
  Sun (Kerberos v5)
  SSLv2Hello
  SSLv3
  TLSv1
  TLS_DHE_RSA_WITH_AES_128_CBC_SHA
  SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA
  TLS_RSA_WITH_AES_128_CBC_SHA

  Now I get an Exception when I run the same program.
  OUTPUT
  1.4.2
  SUN version 1.42
  SUN (DSA key/parameter generation; DSA signing; SHA-1, MD5 digests; SecureRandom; X.509 certificates; JKS keystore; PKIX CertPathValidator; PKIX CertPathBuilder; LDAP, Collection CertStores)
  SunJSSE version 1.42
  Sun JSSE provider(implements RSA Signatures, PKCS12, SunX509 key/trust factories, SSLv3, TLSv1)
  SunRsaSign version 1.42
  SUN's provider for RSA signatures
  SunJCE version 1.42
  SunJCE Provider (implements DES, Triple DES, AES, Blowfish, PBE, Diffie-Hellman, HMAC-MD5, HMAC-SHA1)
  SunJGSS version 1.0
  Sun (Kerberos v5)
  java.lang.IllegalArgumentException: Cannot support TLS_DHE_RSA_WITH_AES_256_CBC_SHA with currently installed providers
          at com.sun.net.ssl.internal.ssl.CipherSuiteList.<init>(DashoA6275)
          at com.sun.net.ssl.internal.ssl.SSLServerSocketImpl.setEnabledCipherSuites(DashoA6275)
          at test.util.ConcreteSSLServerSocketFactory.initSocket(ConcreteSSLServerSocketFactory.java:111)
          at test.util.ConcreteSSLServerSocketFactory.createServerSocket(ConcreteSSLServerSocketFactory.java:100)
          at test.Test.main(Test.java:111)
  Exception in thread "main"

• How to add a Cipher Suite using RSA 1024 algorithm to the 'SSL Cipher Suite Order' GPO

  Following a VA test the Default Domain GPO has been set to enable the SSL Cipher Suite Order.  Following the change Symantec Endpoint Protection Manager doesn't work properly as the the Home, Monitors and Reports pages are blank and an Schannel error is
  logged in the SEPM server's event log.
  I have spoken to Symantec and I have been told that we need to allow the RSA 1024 bit algorithm but they can't tell me which cipher suite this would be.  I have looked in the GPO setting and can't see an RSA 1024 suite but have found some in this article:
  http://tools.ietf.org/html/draft-ietf-tls-56-bit-ciphersuites-01
  I want to know how to add an additional cipher suite into the setting safely.  Am I able to just add the suite into the GPO setting (eg TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA) or do I need to do anything else beforehand?
  If anyone has any advice regarding this or cipher suite orders and troubleshooting SSL problems it would be much appreciated,
  Thanks
  Chris

  Hi Chris,
  Based on my research, RSA_EXPORT1024_DES_CBC_SHA is a previous cipher suite, which is supported, you can enable it use
  SSL Cipher Suite Order policy setting under Administrative Templates\Network\SSL Configuration Settings.
  More information for you:
  TLS/SSL Cryptographic Enhancements
  http://technet.microsoft.com/en-us/library/cc766285(v=WS.10).aspx
  Best Regards,
  Amy

• SSL Medium Strength Cipher Suites Supported vulnerability

  Kind of an odd thing.  We just had a vulnerability scan and a 2960 got pinged for supporting medium strength SSL cipher suites.  I say strange cause I have 3 others that have the same IOS image and they didn't get pinged.  Swap out the management IP address and they are all the same.  They are all running 12.2(52)SE C2960-LANBASEK9-M, with a 768 bit keys.  Here is the text of the vulnerability :
  Synopsis : The remote service supports the use of medium strength SSL ciphers. Description : The remote host supports the use of SSL ciphers that offer medium strength encryption, which we currently regard as those with key lengths at least 56 bits and less than 112 bits.
  Reconfigure the affected application if possible to avoid use of medium strength ciphers. / CVSS Base Score : 5.0 (CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N) Plugin output : Here are the medium strength SSL ciphers supported by the remote server : Medium Strength Ciphers (>= 56-bit and < 112-bit key) SSLv3 EDH-RSA-DES-CBC-SHA Kx=DH Au=RSA Enc=DES(56) Mac=SHA1 DES-CBC-SHA Kx=RSA Au=RSA Enc=DES(56) Mac=SHA1 TLSv1 EDH-RSA-DES-CBC-SHA Kx=DH Au=RSA Enc=DES(56) Mac=SHA1 DES-CBC-SHA Kx=RSA Au=RSA Enc=DES(56) Mac=SHA1 The fields above are : {OpenSSL ciphername} Kx={key exchange} Au={authentication} Enc={symmetric encryption method} Mac={message authentication code} {export flag}
  Can someone point me in the right direction on how to re-configure the switch to pass this test?
  Thanks
  Poirot

  I believe the alert there is because you are using a 768 key which was broken recently (Jan 2010 a paper was published on it with results from efforts that took 4 years to break 768 keys). 768bit RSA keys is not considered secure enough any more.
  I would suggest you to configure keys of 1024 on these switches and try again.
  I hope it helps.
  PK

• Sending mail to external address

  Hi all,
  I did a configuration for set up the gateway
  1- Set up RFC in SM59. I tested this connection was working fine.
  2- Created a node in SCOT under INT (Internet). Allowed all formats for processing.
  3- I have set up conversion rules in SCOT.
  4- After above When I send an email from Workplace to an external address like [email protected] I get an error that “Cannot process message in node, parameters cannot be converted”.
  Message class XS message 821
  Now I am not sure what parameters it has not been able to convert. Has anyone encountered this problem earlier?
  Thanks in advance.
  ViKaS.

  Hai Vikas
  Check the following Document
  Here are the steps.
  SM59 Transaction is used for Connection Establishment with Destination.
  When you establish a connection to a client through a destination, the HTTP connection must first be entered in transaction SM59.
  There are two types of HTTP connection in transaction SM59: Call transaction SM59 to display the different RFC destinations.
  The HTTP connection to the external server (connection type G) and the HTTP connection to the R/3 system (connection type H) are different only in their logon procedures. Their technical settings are the same. To display the technical settings, double-click a connection.
  You can choose from three tabs. Under Technical Settings, you can specify the following:
  &#12539; Target Host: The host to which you want to connect.
  Note that if you are using HTTPS as a protocol, you have to specify the full host name (with domain).
  &#12539; Service No.: Here, you specify the port. The destination host must of course be configured in such a way that the specified port “understands” the corresponding protocol (HTTP or HTTPS). See Parameterizing the ICM and the ICM Server Cache.
  &#12539; Path Prefix: At the time when the connection to this destination is initiated, the system inserts this sub-path before ~request_uri.
  &#12539; HTTP Proxy Options: Here, you can configure a proxy for HTTP connections: You can determine the proxy host and service, as well as users and passwords for the HTTP connection.
  The tab page Logon/Security will be different depending on whether you have selected a HTTP connection to an external server (connection type G) or a HTTP connection to an R/3 system (connection type H).
  HTTP Connection to an External Server (Connection Type G)
  Choose the connection you want to use. You can choose from the following logon procedures:
  &#12539; No Logon: The server program does not request a user or password.
  &#12539; Basic Authentication: The server program requests a user and password. Basic Authentication is a standard HTTP method for authenticating users. When a user logs on to the target system, he or she provides a user ID and password as authentication. This information is then sent in a header variable as a Base 64-encoded string to the server, through the HTTP connection.
  &#12539; SSL Client Certificate: If you use client certificates for authentication, the client authentication is performed through the Secure Sockets Layer (SSL) protocol. In this case, you must also select the SSL Client PSE of the SAP Web AS that contains the relevant certificate for the authentication. The target system must handle the issuer of the SAP Web AS client certificate as a trusted system.
  Under Logon/Security, you can also activate SSL to ensure that HTTPS is the protocol used (if you select SSL, make sure that the correct port is entered under Technical Settings). In the security transaction STRUST you can determine which type of SSL client is used. (Getting Started with the Trust Manager, Trust Manager).
  The field Authorization for Destination has been implemented as an additional level of protection. We recommend that you specify a user and password for the RFC destination.
  HTTP Connection to an R/3 System (Connection Type H)
  Here, you can specify more settings for authentication in the target system.
  The settings under Technical Settings and Special Options are the same as for connection type G. Under Logon/Security, the connection type H has additional logon procedures. As with external servers, you can activate and deactivate SSL and specify an authorization.
  Because the target system is an SAP system, you can set the client and language for the logon as well as the user name and password. If you check Current User, you have to specify the password.
  The following authentication procedures are available: Basic Authentication, SAP Standard, and SAP Trusted System, and SSL Client Certificate.
  &#12539; HTTP Basic Authentication: Logon with user and password
  &#12539; SAP Standard: This procedure uses an RFC logon procedure. The RFC Single Sign-On (SSO) procedure is valid within the one system. The same SAP user (client, language, and user name) is used for logon.
  &#12539; SAP Trusted System: Trusted RFC logon to a different SAP system (see Trusted System: Maintaining Trust Relationships Between SAP Systems)).
  &#12539; SSL Client Certificate: The SSL protocol enables you to use client certificates for the logon.
  Type G/H (SM59)
  Timeout:
  When sending a HTTP request, you can use this parameter to specify the maximum response time for the connection.
  HTTP Setting:
  You can use the HTTP version to specify the protocol version of the HTTP request (HTTP 1.0 or 1.1).
  Regards
  Sreeni

• WSMAN CredSSP TLS 1.2 support and cipher suites

  Hi all,
  The protocol document [MS-CSSP] explains the first base64 encoded token send in the authenticate from the client to the server is a TLS Client Hello. The response is a ServerHello.
  The diagram in section 4 'Protocol Examples' of the document indicates the ServerHello has a cipher suite of TLS_RSA_WITH_RC_128_SHA. The TLS version and cipher suites are not mentioned anywhere else in the document.
  So lets take a look a network packet capture of a CredSSP authentication between a winrm.exe client and a Windows 2008 R2 server. I have base64 decoded the contents of the CredSSP Authorization headers,
  The ClientHello bytes (without the extensions) send by my client are:
  16 03 01 00 6B 01 00 00  67 03 01 54 DB 64 77 22 
  A2 1C A3 23 93 61 3B 00  1B DE 1C 6D 42 34 94 8D 
  1D 44 2C 64 8B 42 AC 41  B4 E2 DE 00 00 14 00 2F 
  00 35 00 0A C0 13 C0 14  C0 09 C0 0A 00 32 00 38 
  00 13 01 00 00 2A FF 01  00 01 00 00 00 00 11 00 
  0F 00 00 0C
  Decoding this we can see that this is TLS 1.0 {03, 01}, taking a look at the ciphers we have:
  TLS_RSA_WITH_AES_128_CBC_SHA 0x00 0x2F
  TLS_RSA_WITH_AES_256_CBC_SHA 0x00 0x35
  TLS_RSA_WITH_3DES_EDE_CBC_SHA 0x00,0x0A
  TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA 0xC0,0x13
  TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA 0xC0,0x14
  TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA 0xC0,0x09
  TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA 0xC0,0x0A
  TLS_DHE_DSS_WITH_AES_128_CBC_SHA 0x00,0x32
  TLS_DHE_DSS_WITH_AES_256_CBC_SHA 0x00,0x38
  TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA 0x00,0x13
  Now lets look at the ServerHello (without the extensions)
  16 03 01 02 3C 02 00 00  4D 03 01 54 DB 64 78 73 
  92 C6 86 A3 F8 FF 3D D4  36 77 C0 FC 80 61 3F 4D 
  8C BC 60 CD BC 4D B1 1C  4A CF 0A 20 DA 14 00 00 
  38 11 DB C9 1C D0 8C 76  E7 A0 B9 F7 A5 D4 94 DF 
  8B 83 38 B3 FF EB AA 65  EB 23 03 0A 00 2F 00 00 
  05 FF 01 00 01 00 0B 00  01 E3 00 01 E0 00 01 DD 
  30 82 01 D9 30 82 01 42  A0 03 02 01 02 02 10 44 
  56 23 69 44 ED 93 85 43  DF B8 DF E3 75 DC A7 30 
  0D 06 09 2A 86 48 86 F7  0D 01 01 05 05 00 30 2B 
  31 29 30 27 06 03 55 04  03 13 20 
  The server responds with TLS 1.0 and selected cipher (0x00 0x2F)
  TLS_RSA_WITH_AES_128_CBC_SHA
  Based on this I created a WSMan CredSSP client using Python and OpenSSL and configured it to use TLS 1.2. I found the Windows server always responded with TLS 1.0. So, I configured my OpenSSL client for TLS 1.0 and set the cipherlist to AES128-SHA (like winrs.exe).
  The CredSSP TLS handshake completes, but the first ASN.1 encoded TSRequest token (containing an NTLM negotiate token) is rejected. However, if my openssl cipherlist is set to RC4, the TSRequest token is accepted and authentication is successful.
  This raises several questions:
  1. Despite sending a TLS 1.2 ClientHello the WSMan CredSSP Server always responded with TLS 1.0 ServerHello. A number of security experts consider this version effectivly broken. Does CredSSP support TLS 1.2?
  2. I can authenticate with CredSSP using openssl 'RC4' cipher suites - but not with AES128-SHA suites. Are suites besides RC4 supported (winrs.exe appears to use AES).
  Thanks
  Ian

  Forum Update:
  I can now answer my 2nd question. The reason CredSSP is rejecting my TSRequest token when using AES128-SHA is because this ciphersuite is using CBC.
  Some years ago OpenSSL added empty fragments to SSLv3 and TLS 1.0 packets to address a potential security vulnerability. These empty fragments are not compatible with Microsofts SChannel implementation so Windows is unable to decrypt the data. OpenSSL added
  a compatibility flag SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS (0x00000800L) that must be set in the openssl client's context options to address this issue with Microsofts implementation. Once I set this option my python openssl client successfully authenticated
  with a Windows 2012 R2 server using ECDHE-RSA-AES256-SHA - much better.
  Question 1 is still unanswered. Is TLS 1.2 with CredSSP supported?

• Cipher suite

  When using JSSE to create SSL socket, are the following items automatically applied?:
  1. Key exchange agreement - Diffie-Hellman
  2. Symmetric Encrytion Algorithms - AES 128 bits
  3. Message Authentication Code (MAC) - HMAC
  4. Message Digest Algorithm - SHA-1
  5. Public algorithm for signing - RSA

  1. Key exchange agreement - Diffie-Hellman
  2. Symmetric Encrytion Algorithms - AES 128 bits
  3. Message Authentication Code (MAC) - HMAC
  4. Message Digest Algorithm - SHA-1
  5. Public algorithm for signing - RSAThe answer to all those is yes, but in each case the actual protocol or algorithm depends on the negotiated cipher suite, which depends on:
  (a) the enabled cipher suites at the client
  (b) the enabled cipher suites at the server
  (c) the available X.50 certificates at the server
  and, if client authentication is enabled at the server
  (d) the available X.509 certificates at the client.

• Cisco Prime Infrastucture vulnerability SSL RC4 Cipher Suites Supported

  Hi All,
  I have a question on how to disable RC4 Cipher Suites Supported on Cisco Prime Infrastructure Platform.
  My Client have use Nessus Software to scan on prime. and found on below vulnerability
  SSL RC4 Cipher Suites Supported
  Cisco prime infrastructure deploy on latest 2.1
  we have gain the root access and modifier the ssl.conf and restart the service also unable to solve.
  /opt/CSCOlumos/httpd/ssl/backup/ssl.conf
  /opt/CSCOlumos/httpd/ssl/ssl.conf
  C:\Program Files\Tenable\Nessus>nessuscmd -v -p 443 -i 21643 192.168.1.55
  Starting nessuscmd 5.2.7
  Scanning '192.168.1.55'...
  Host 192.168.1.55 is up
  Discovered open port https (443/tcp) on 192.168.1.55
  [i] Plugin 21643 reported a result on port https (443/tcp) of 192.168.1.55
  + Results found on 192.168.1.55 :
     - Port https (443/tcp) is open
       [i] Plugin ID 21643
        | Here is the list of SSL ciphers supported by the remote server :
        | Each group is reported per SSL Version.
        | SSL Version : TLSv1
        |   Medium Strength Ciphers (>= 56-bit and < 112-bit key)
        |       DES-CBC-SHA                  Kx=RSA         Au=RSA      Enc=DES-C
        | C(56)          Mac=SHA1
        |       RC4-MD5                      Kx=RSA         Au=RSA      Enc=RC4(1
        | 8)             Mac=MD5
        |       RC4-SHA                      Kx=RSA         Au=RSA      Enc=RC4(1
        | 8)             Mac=SHA1
        |
        | SSL Version : SSLv3
        |   Medium Strength Ciphers (>= 56-bit and < 112-bit key)
        |       DES-CBC-SHA                  Kx=RSA         Au=RSA      Enc=DES-C
        | C(56)          Mac=SHA1
        |       DES-CBC-SHA                  Kx=RSA         Au=RSA      Enc=DES-C
        | C(56)          Mac=SHA1
        |   High Strength Ciphers (>= 112-bit key)
        |       EDH-RSA-DES-CBC3-SHA         Kx=DH          Au=RSA      Enc=3DES(
        | 68)            Mac=SHA1
        |       RC4-MD5                      Kx=RSA         Au=RSA      Enc=RC4(1
        | 8)             Mac=MD5
        |       RC4-SHA                      Kx=RSA         Au=RSA      Enc=RC4(1
        | 8)             Mac=SHA1
        | The fields above are :

  Hi ,
  "SSL RC4 Cipher Suites Supported" has been documented in bug CSCum03709. 
  CSCum03709    PI 2.0.0.0.294 with SSH vulnerabilities
  Presently, there is no workaround for this vulnerability, however, the fix will be implemented in
  Prime Infrastructure 2.2.which is planned to be released around the end of this year ( tentative)
  Thanks-
  Afroz
  ***Ratings Encourages Contributors ***

• Delivery report shows status of Pending for external address. Email sent to both internal and external addresses.

  We have an Exchange 2013 on-premise server and seem to have an issue with emails sent to internal and external users at the same time.
  The issue came to light because someone sent an email to 44 recipients, of which one was internal. None of the external recipients received the email. I checked the delivery report in the EAC and found the internal email marked as 'Delivered' and all of
  the external ones marked as 'Pending'. I checked the queues and there were none. I did some testing and sent an email to just one of the external addresses on the list, it arrived. I tried sending the email again to all of the recipients, the external ones
  all showed 'Pending'. I tried it again, but this time excluded the internal email address and all of the 43 external emails were immediately delivered.
  So it seems that the issue only arises when we are sending to both internal and external addresses.
  I then tried a test email to one internal address and one external address. The Delivery report says that the internal address was delivered immediately, while the external address is 'Pending' and gives more information saying: 'Message delivery is taking
  longer than expected. There may be system delays. For more information, contact your helpdesk.'. To add further mystery to this, the email was actually delivered.
  So, I have two concerns:
  First is seems that some emails sent both internally and externally are only arriving internally. This is a huge problem because I don't know how many have been affected. There may be many lost emails we don't know about.
  Second, it looks like I can't trust the delivery report. It says pending for some emails which didn't arrive, but it also says pending for some which did arrive. That is no good at all.
  For info the server is running Windows Server 2012. I have run a Microsoft Update to check if there are any to apply and the only Exchange one is a spam filter update, which I doubt has any bearing but I will apply when I get chance.

  Hi Neil,
  According to the description, I find a related KB on Exchange 2010:
  https://support.microsoft.com/kb/2694474?wa=wsignin1.0
  It has the similar situation as yours.
  This issue occurs because a function in a message tracking component tries to obtain the information for the recipient instead of the external recipient.
  Please try to upgrade to the latest Exchange update to check whether this issue can be solved.
  Also please check whether Throttling has been set.
  Please run "Get-TransportService | fl" to check the MaxOutboundConnections parameter value.
  More details to see:
  Message throttling 
  http://technet.microsoft.com/en-us/library/bb232205(v=exchg.150).aspx
  Thanks
  If you have feedback for TechNet Subscriber Support, contact
  [email protected]
  Mavis Huang
  TechNet Community Support

• Can't forward messages to external address - it's impossible to choose e-mail from list

  Hello colleagues! Faced with a strange problem... I have Exchange 2010 SP2, need to forward mail from domain recipient to mail contact (I mean - external e-mail address). So I created this external contact in "Recipient configuration->Mail contact" but
  when I'm trying to select external address from list I see nothing in "forward to" field. I can choose domain recipients only. Does anybody know what is the problem?

  Just curious, why do you need Mail Contact when it's External user. Simply specify email address of the user in
  Forward To:
  Go to properties of Mail Contact... Mail Flow Settings...Message Delivery Restrictions..Make sure that "Requires that all senders are authenticated" is not checked.
  I'm trying to select external address from list I see nothing in "forward to" field.
  Update the OAB.
  Gulab Prasad,
  MCITP: Exchange Server 2010 | MCITP: Exchange Server 2007
  MCITP: Lync Server 2010 | MCITP: Windows Server 2008
  My Blog |
  Z-Hire Employee Provisioning App

• How to install or configure oracle endeca in ebusiness suite R12.1.3 64-bit

  Hi
  Now i currently having oracle ebusiness R12.1.3 64-bit instance which is running on OEL 5U8 64-bit ,
  Can anyone suggest me how to configure the oracle endeca in ebusiness suite???
  Can anyone provide me the link to download the oracle endeca for ebusiness suite R12.1.3 64 bit???

  Hi Hussein,
  Thanks for your valuable reply
  Now i have followed the 2 documents which 1 i need to follow ..
  1. Installing Oracle E-Business Suite Extensions for Oracle Endeca, Release 12.1.3.2 (Doc ID: 1517172.1)
  2. http://docs.oracle.com/cd/E18727_01/doc.121/e37993.pdf
  I Need the output like GUI method for the products..
  i am new to oracle endeca i dnot know how to proceed the installation and configurations 
  while downloading the software from edelivery it shows list of software for endeca which 1 need to download for the installations
  https://edelivery.oracle.com/EPD/Search/handle_go
  Kindly suggest me
  i am waiting for your valuable reply

• How can I control the list of cipher suites offered in the SSL Client Hello message? I want to forbid MD5 and RC4.

  How can I control the list of cipher suites offered in the SSL Client Hello message?
  I want to limit my browser to negotiating strong cipher suites. I'd like to forbid DES, MD5 and RC4.

  Set the related SSL3 prefs to false on the about:config page (Filter: security.ssl3.).
  *http://kb.mozillazine.org/about:config

• Setting cipher suite name in Httprequest header

  Is it possible to set the cipher suite name in http request header ?

  The cipher suite has nothing to do with HTTP. Ciphersuites are only negotiated by the SSL/TLS peers.

• Sending to external address: 550 5.1.1 RESOLVER.ADR.ExRecipNotFound; not found

  Hi. We are using now two systems of Exchange. 2010 SP3 on-premises as part of SBS 2011 and Exchange Online. Two yaers 2010 works good. But 2-3 month ago one user began to receive error when he send email from 2010 to Exchange Online:
  550 5.1.1 RESOLVER.ADR.ExRecipNotFound; not found
  IMCEAEX-_O=EXCHANGELABS_OU=EXCHANGE+20ADMINISTRATIVE+20GROUP+20+28FYDIBOHF23SPDLT+29_CN=RECIPIENTS_CN=6FB07FEC5205488CBDFDC30357EFDEF8-TOBIAS@domain.local
  #550 5.1.1 RESOLVER.ADR.ExRecipNotFound; not found ##
  Ursprüngliche Nachrichtenköpfe:
  Received: from MX.domain.local ([XXX.XXX.XXX.XXX]) by MX.domain.local
   ([XXX.XXX.XXX.XXX]) with mapi id 14.03.0174.001; Tue, 11 Mar 2014 10:16:10 +0100
  Content-Type: application/ms-tnef; name="winmail.dat"
  Content-Transfer-Encoding: binary
  From: David David<[email protected]>
  To: =?Windows-1252?Q?Tobias_Tobias_?= <[email protected]>
  Subject: AW: radar bilder
  Thread-Topic: radar bilder
  Thread-Index: AQHPPGR6TwWhAAAOtEWIAnQvTY5AzprbnBRr
  Date: Tue, 11 Mar 2014 10:16:10 +0100
  Message-ID: <[email protected]>
  References: <CF437C4B.22C52%[email protected]>
  In-Reply-To: <CF437C4B.22C52%[email protected]>
  Accept-Language: de-DE, en-US
  Content-Language: de-DE
  X-MS-Has-Attach:
  X-MS-TNEF-Correlator: <[email protected]>
  MIME-Version: 1.0
  I have read Internet about this case. And this solutions help to us, but only for one month... But it comes again and again. I
  have read information about X500 address, but these all cases involved
  a local user. When error comes description is about wrong X500 for local user. Why my Exchange 2010 SP3 doesn't send email to external domain, but looking in local database? Of course this address absent in database, because it is
  external address.
  Can be this is due to the fact that the user stores more than 30,000 messages in one folder and OAB always crushed?
  This problem has only one user, and only while he write to Exchange Online domain.
  Thank you!

  Hello,
  Please try to use owa to send a message to exchange online user to check the result.
  Because there are many messages, I recommend you set retention policy, and then apply it to the user's mailbox.
  Cara Chen
  TechNet Community Support

• SMTP for external address

  Hi!
  I'm using was 620 and with transaction SCOT I have setup the node for SMTP. If I try to send a mail for a internal outlook address the system work fine, but if I try to send a mail for an external address (address with external internet provider) the system dosn't work and the error message is:
  "802 = 550 5.7.1 Unable to replay for [email protected]"
  [email protected] is an example.
  How I can send mail with SCOT for external address?
  Thank you very mutch,
  Gianluca

  Hi,
  When you create a node in SCOT, you can choose HTTP or RFC. with HTTP type node, you can only communicate over http (like sending SMS) as the description says there. To use an internet mail functionality, you need to define an RFC type node.
  With RFC type node, you will need to specify a RFC destination in the definition of the node (you can check the definition of some other nodes in SCOT by double-clicking them). This RFC Destination is nothing but a program (or a script) that is triggered from SAP for mail-send. This RFC destination must then have already been created using SM59, and must point to the right mail-send program.
  Essentially, to be able to send emails outside to public email-ids, you need to have some way of connecting to the public mail network. The exe progra (like sendmail.exe) that is configured as an RFC destination enables this on SAP. Once you send a mail from SAP, it is sent to this configured RFC destination, which runs the corresponding OS level exe to connect to the public mail network and send the mail.
  SAP doesn't provide such exe programs so you will need to procure it on your own (as far as I know). Once you have such a program, it should be possible to do the rest of the setup to have an RFC type node.
  cheers,
  Message was edited by: Ajay Das