Unlimted Strength Encryption?

I am aware that with j2sdk v1.4 beta3 that the jce is packaged with Strong encryption, dictated buy the jurisdiction policy files, local_policy.jar and us_export_policy.jar and that these can be replaced with files that allow 'unlimited' strength encryption!
But what about jce1.2.1. I am unable to find any reference to files that do the same for the optional package for java 1.3 users. Does the package come with Unlimited Strength as standard. I doubt this is the case?
Any answers will be greatly appreciated!
Regards,
Thee olde wizard

From the JCE 1.2.2 FAQ:
Since the US government has relaxed export restrictions on
cryptographic strengths, the JCE 1.2.2 software from Sun Microsystems
now has a single distribution for both domestic and global users. The
bundled jurisdiction policy files contain no restrictions on
cryptographic strengths. I believe the same was true of 1.2.1

Similar Messages

  • How to Update Encryption in WebLogic 7

    I am currently working on a web application and our payment provider has stopped supporting low strength encryption. This has caused the webapp to fail each time we try to send a secure transaction thru to the Payment Provider.
    Does anyone know the best way to update our encryption strength within WebLogic to minimally a medium-strength encryption?
    Our current encryption is 'exportable' and as mentioned does not meet their new standards. We are running WebLogic 7 with Java 1.3.1.
    Thanks in advance

    use your console to create a web-app from the directory with the web-inf and your jsp. Hit deploy and it should work.
    War files are not necesary, for fast jsp development its even better to not use wars.

  • How can I find out if an installation of Unified Development Server is 128 or 40 bit encryption

    I have UDS installed, I would like to know whether its 128 or 40 bit encryption

    UDS 3.5 and above include cryptography support. This comes as direct access to cryptography primitives as well as indirect access when using the builtin SSLExternalConnection class that supports SSL 3.0. The early versions shipped two different cryptography strengths are required by export controls. The latest versions of UDS are now allowed to ship the higher strength encryption to all customers. My previous post gave a way to determine which cryptography support was installed in your installation.

  • Encryption For Backups ?

    Hi,
    I want to make a back-up to a DVD and have the disc 'off-site', i.e. at a friend's house. Is there a way to encrypt the data, so that no one can read them? Military-strength encryption isn't needed; just enough to keep curious eyes away.
    Thanks.

    4.7 GB is too large for a single layer DVD. 4.38 GB
    is the maximum that will fit. Once you have burned
    the DVDs (you may want to make more than one, if the
    data is valuable, and store in separate locations),
    you can delete the disk image file. Don't forget the
    password for the encrypted file. Mount one of the
    DVDs, and make sure the password works, and the files
    are readable.
    Right, well the DVD is readable in my Mac, even with the image deleted from $HOME. However, when I put the DVD into a machine at work today (Windows), it didn't even see the disk.
    D.C.

  • Applying Strong Encryption after portal install

    How do you apply strong encyryption after the portal install? I am sure I have seen in an installation guilde.
    I am using IBM AIX. I downloaded the two encryption file sets:
    SAP Cryptographic Library IBM AIX for RS6000/Power
    SAP JAVA CryptoToolkit (J2EE Engine as of Release 6.30)
    I am using EP6 SP11.
    The CryptoToolkit contains a SDA file that I use SDM to install but I do not know what to do with the file in the Cryptographic Library.
    Can anyone help?
    Thanks
    Patrick

    Hi Patrick,
    the "SAP Cryptographic Library" is the crypto code for ABAP servers. The "SAP Java Cryptographic Toolkit" is the one you need for SAP J2EE Engine (WebAS Java).
    To be able to use any Java crypto toolkit ("JCE provider") without restrictions regarding key size etc., you need to replace the default "JCE policy files" shipped with the JDK by the "JCE policy files for unlimited strength encryption" from your JDK provider.
    As you can see in SAP note 796540, for IBM JDK, you can download the files (after registration) from https://www6.software.ibm.com/dl/jcesdk/jcesdk-p
    Best regards
    Heiko

  • SSL Medium Strength Cipher Suites Supported vulnerability

    Kind of an odd thing.  We just had a vulnerability scan and a 2960 got pinged for supporting medium strength SSL cipher suites.  I say strange cause I have 3 others that have the same IOS image and they didn't get pinged.  Swap out the management IP address and they are all the same.  They are all running 12.2(52)SE C2960-LANBASEK9-M, with a 768 bit keys.  Here is the text of the vulnerability :
    Synopsis : The remote service supports the use of medium strength SSL ciphers. Description : The remote host supports the use of SSL ciphers that offer medium strength encryption, which we currently regard as those with key lengths at least 56 bits and less than 112 bits.
    Reconfigure the affected application if possible to avoid use of medium strength ciphers. / CVSS Base Score : 5.0 (CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N) Plugin output : Here are the medium strength SSL ciphers supported by the remote server : Medium Strength Ciphers (>= 56-bit and < 112-bit key) SSLv3 EDH-RSA-DES-CBC-SHA Kx=DH Au=RSA Enc=DES(56) Mac=SHA1 DES-CBC-SHA Kx=RSA Au=RSA Enc=DES(56) Mac=SHA1 TLSv1 EDH-RSA-DES-CBC-SHA Kx=DH Au=RSA Enc=DES(56) Mac=SHA1 DES-CBC-SHA Kx=RSA Au=RSA Enc=DES(56) Mac=SHA1 The fields above are : {OpenSSL ciphername} Kx={key exchange} Au={authentication} Enc={symmetric encryption method} Mac={message authentication code} {export flag}
    Can someone point me in the right direction on how to re-configure the switch to pass this test?
    Thanks
    Poirot

    I believe the alert there is because you are using a 768 key which was broken recently (Jan 2010 a paper was published on it with results from efforts that took 4 years to break 768 keys). 768bit RSA keys is not considered secure enough any more.
    I would suggest you to configure keys of 1024 on these switches and try again.
    I hope it helps.
    PK

  • Portal Runtime Error while performing User Mapping  to SAP SRM

    Please find below the error I received while User Mapping from  Enterprise Portal to SAP SRM :
    Portal Runtime Error
    An exception occurred while processing a request for :
    iView : pcd:portal_content/administrator/super_admin/super_admin_role/com.sap.portal.user_administration/com.sap.portal.user_mapping/com.sap.portal.userMappingAdmin/com.sap.portal.userMappingAdmin
    Component Name : com.sap.portal.usermanagement.admin.UserMappingAdmin
    User Mapping not fully available..
    Exception id: 04:21_23/06/05_0073_8097650
    See the details for the exception ID in the log file

    Hi,
    yes, Karsten is correct. Just some background:
    "User Mapping not fully available.." finally means that user mapping is configured to use strong encryption, but the main crypto key for user mapping is missing. Usually, that's because "SAP Java Cryptographic Toolkit" and/or "JCE policy files for unlimited strength encryption" are not installed (or the server hasn't be restarted afterwards). The note will most likely help
    Best regards
    Heiko

  • Input and output varaiables are not shown

    Hi,
    I am using BICS connectivity to connect to a BeX query from Xcelsius. I am able to logon to SAP use datamanager conn and also able to select a query. But after that the query input and output variables are not shown. Instead all those fields are greyed out. I am not sure whether am missing any configuration. Please let me know if anyone have workaround for this issue.
    Thanks,
    Sivakami - SEMC SAP team

    That is interesting.  The first (AES) is producing a 128-bit key, the second (aes) is producing a 256-bit key.
    Producing a 256-bit key should not be possibe without the JCE/JCA Unlimted strength policy files installed, I have those files, installed, do you?
    If someone who doesn;t have ththe policy files installed tried it, what do they get?
    I would suspect that the case-sensitive nature of the underlying JVM is causing it to choose a different Crypto Provider when you use aes than when you use AES. The JVM that ColdFusion ships with (and the standard JVM) have severa crypto providers to choose from, plus ColdFusion Enterprise and Developer addition also include the BSafe Crypto-J provider), I think there are 10-11 total.
    I would log a bug for this.
    FYI, you can control this by using the optional keylength argument in generateSecretKey()
    These two statements will produde keys with the same length.
    #arrayLen(binarydecode(generateSecretKey("AES", 128),"base64") )#
    #arrayLen(binarydecode(generateSecretKey("aes", 128),"base64") )#

  • Can using BouncyCastle be an alternative to installing the policy files?

    Hey, sorry if this is a dumb question but I have been looking into this all day.
    I want to write a program that incorporates unlimited strength encryption, but installing the JCE Unlimited Strength Jurisdiction Policy Files is not an option (I can do it on one of the development machines, but I don't have write access to JAVAHOME on the other, and I can't expect every user of the program to install these files).
    Now I know that if I specify BouncyCastle as a provider when using JCE, I still have to install the above files... but what if I don't use JCE and I use the algorithms provided (handily without any form of documentation whatsoever) by BouncyCastle - can this be a workaround? I've heard conflicting views on this.
    If this isn't the case, can anyone please point me in the right direction of what I could do instead? Ie. if there was some way to include these files in the classpath rather than actually install them.
    Also, if using BC is a solution to problem, I would really appreciate it if anyone has such an example of AES-256 encryption and decryption with CBC and padding that they could point me in the direction of, I am having a real issue figuring out the BC API.
    Thank-you so much if you can help me.

    As long as you use the BouncyCastle lightweight crypto API rather than the JCE you should not encounter any of the JCE's restrictions. This means you cannot use Cipher.getInstance("Whatever/ABCCBC/TooMuchPadding", "BC"). Just include the lightweight api jar in your class path; the source is here: http://www.bouncycastle.org/download/lcrypto-jdk1<whatever>-139.zip
    I haven't played with bouncycastle in awhile, but I think something like this will get you started:
    BlockCipher aes = new AESEngine();
    CBCBlockCipher aes_cbc = new CBCBlockCipher(aes);
    byte [] key = {1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16}; // 16 bytes for AES-128
    CipherParameters params = new KeyParameter(key);
    aes_cbc.init(true, params);
    //...

  • What channels come with the DTA HD boxes

    ...and no one at COMCAST can tell you what channels come with the DTA HD boxes.  All they do is send you a link to sign in...typical COMCAST

    pablomunich wrote:
    ...and no one at COMCAST can tell you what channels come with the DTA HD boxes.  All they do is send you a link to sign in...typical COMCAST
    Apologies for any confusion we may have caused.
    Currently, the DTAs (small boxes) are limited to viewing (up to and including) Digital Starter content.
    Our DTAs don't yet support full strength encryption like full cable boxes do. Full-strength encryption is currently required for authorizing premium channels (like HBO) on a DTA.
    DTAs that we have deployed support "privacy mode". This is a limited fixed passkey form of content protection.
    We have no current plans to activate full-strength encryption, but if we were to do that in the future it would be done in a way that would be in compliance with FCC rules, including obtaining any necessary FCC waivers.
    Some additional background at the link below (the article is from 2012 but still a good primer):
    http://www.lightreading.com/spit-(service-provider-it)/security-platforms/comcasts-dtas-security-optional/d/d-id/660833
    We can certainly arrange to swap your DTA for a full cable box. Please give us a call at 1-800-COMCAST or stop by one of the the local service centers below to swap your box.
    73 Rock Ave
    Plainfield, NJ 07063
    MONDAY-SATURDAY: 9:30am-6:30pm SUNDAY: closed
    800 Rahway Ave
    Union, NJ 07083
    MONDAY-SATURDAY: 9:30am-6:30pm SUNDAY: closed
    381 Lord St
    Avenel, NJ 07001
    MONDAY-SATURDAY: 9:30am-6:30pm SUNDAY: closed
    Additional information here: http://customer.comcast.com/help-and-support/cable-tv/digital-adapter-enhancement
    Attached lineup for your area should also help, also sent this to you via e-mail. Digital Starter includes Limited Basic plus Expanded Service in your area

  • SOAP message security fault:FailedCheck error

    Hi,
    I have a client application that adds a signature to the SOAP request. (Most of
    the code has been taken from "Writing the Java Code to Invoke a Secure Non-WebLogic
    Web Service" at http://e-docs.bea.com/wls/docs81/webserv/security.html)
    Enabling the jvmarg verbose flag in build.xml indicates that the request going
    out has a wsse:Security element with a signature, binary and username token.
    The response from the server is as follows :
    [java] <env:Envelope xmlns:env="http://schemas.xmlsoap.org/soap/envelope/"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:soapenc="http://sche
    mas.xmlsoap.org/soap/encoding/" xmlns:xsd="http://www.w3.org/2001/XMLSchema"><en
    v:Header/><env:Body><env:Fault xmlns:fault="http://schemas.xmlsoap.org/ws/2002/0
    7/secext"><faultcode>fault:FailedCheck</faultcode><faultstring>failed security
    c
    heck for message body</faultstring></env:Fault></env:Body></env:Envelope>
    After which i get a javax.xml.rpc.soap.SOAPFaultException: failed security check
    for message body.
    I believe that i maybe getting this error because the server is unable to verify
    the signature for some reason. Am i missing something here?
    Also please let me know if you need more information to diagnose the problem.
    thanks,
    Nadeem.

    The root cause being:
    [java] [weblogic.xml.security.encryption.EncryptionException: http://www.w3
    org/2001/04/xmlenc#tripledes-cbc can only be used with a domestic license]].>
    I believe the security frameworks checks the WebLogic license file
    (license.bea) to determine whether to use domestic or international
    strength encryption.
    Nadeem Ilkal wrote:
    Hi Bruce,
    I tried the example you pointed out and i am getting the following exception.
    The signature and encryption verbose flags are enabled by default in build.xml.
    run:
    [java] <Jun 2, 2003 11:19:22 AM PDT> <Info> <webservice> <BEA-220024> <Hand
    ler weblogic.webservice.core.handler.WSSEClientHandler threw an exception from
    i
    ts handleRequest method. The exception was:
    [java] weblogic.xml.security.SecurityConfigurationException: Failed adding
    encryption to request - with nested exception:
    [java] [weblogic.xml.security.SecurityProcessingException: Problem adding
    e
    ncrypted key - with nested exception:
    [java] [weblogic.xml.security.encryption.EncryptionException: http://www.w3
    org/2001/04/xmlenc#tripledes-cbc can only be used with a domestic license]].>
    [java] java.rmi.RemoteException: SOAP Fault:javax.xml.rpc.soap.SOAPFaultExc
    eption: Failed adding encryption to request; nested exception is:
    [java] javax.xml.rpc.soap.SOAPFaultException: Failed adding encryption
    to request
    [java] at sign.SecurityPort_Stub.echo(SecurityPort_Stub.java:30)
    [java] at sign.SecureClient.main(SecureClient.java:63)
    [java] Caused by: javax.xml.rpc.soap.SOAPFaultException: Failed adding encr
    yption to request
    [java] at weblogic.webservice.core.ClientDispatcher.receive(ClientDispa
    tcher.java:270)
    [java] at weblogic.webservice.core.ClientDispatcher.dispatch(ClientDisp
    atcher.java:131)
    [java] at weblogic.webservice.core.DefaultOperation.invoke(DefaultOpera
    tion.java:430)
    [java] at weblogic.webservice.core.DefaultOperation.invoke(DefaultOpera
    tion.java:416)
    [java] at weblogic.webservice.core.rpc.StubImpl._invoke(StubImpl.java:2
    75)
    [java] at weblogic.webservice.core.rpc.StubImpl._invoke(StubImpl.java:2
    50)
    [java] at sign.SecurityPort_Stub.echo(SecurityPort_Stub.java:27)
    [java] ... 1 more
    [java] Exception in thread "main"
    [java] Java Result: 1
    thanks,
    Nadeem.
    Bruce Stephens <[email protected]> wrote:
    Hello,
    Have you tried going through the example:
    http://webservice.bea.com/index.html#qz15 and making sure this works
    OK
    for you?
    Also, try the following system properties to view more runtime security
    information:
    weblogic.xml.encryption.verbose=true
    weblogic.xml.signature.verbose=true
    HTH,
    Bruce
    Nadeem Ilkal wrote:
    Hi,
    I have a client application that adds a signature to the SOAP request.
    (Most of
    the code has been taken from "Writing the Java Code to Invoke a Secure
    Non-WebLogic
    Web Service" at http://e-docs.bea.com/wls/docs81/webserv/security.html)
    Enabling the jvmarg verbose flag in build.xml indicates that the request
    going
    out has a wsse:Security element with a signature, binary and username
    token.
    The response from the server is as follows :
    [java] <env:Envelope xmlns:env="http://schemas.xmlsoap.org/soap/envelope/"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:soapenc="http://sche
    mas.xmlsoap.org/soap/encoding/" xmlns:xsd="http://www.w3.org/2001/XMLSchema"><en
    v:Header/><env:Body><env:Fault xmlns:fault="http://schemas.xmlsoap.org/ws/2002/0
    7/secext"><faultcode>fault:FailedCheck</faultcode><faultstring>failed
    security
    c
    heck for message body</faultstring></env:Fault></env:Body></env:Envelope>
    After which i get a javax.xml.rpc.soap.SOAPFaultException: failed security
    check
    for message body.
    I believe that i maybe getting this error because the server is unable
    to verify
    the signature for some reason. Am i missing something here?
    Also please let me know if you need more information to diagnose the
    problem.
    thanks,
    Nadeem.
    [att1.html]

  • SSL implementation not available ... Help!

    Using WLS 7.0 SP2 on HP-UX and when attempting to establish an outoing SSL connection
    I receive an "SSL implementation not available" exception.
    In the International version of WLS 7.0 I am able to establish the SSL connection,
    but when the same application is loaded into the same version of the Domestic
    WLS, it produces the exception.
    Usually I expect that exception when there is no appropriate CSP (Cryptographic
    Service Provider) entry in JAVA_HOME/jre/lib/security/java.security? How does
    one configure a Third Party CSP (Cryptographic Service Provider) for use in WLS?
    I am trying to use the Sun CSP.
    The code snippet that works on International WLS but not in Domestic WLS is below:
    String target = "https://localhost/testApp/NotificationServlet";
    URLConnection urlc = null;
    URL targetWebService;
    // load input file
    // Construct the URL using the HTTPS URL stream handler
    targetWebService = new URL(null, target, new Handler());
    java.security.Security.addProvider(new com.sun.net.ssl.internal.ssl.Provider());
    urlc = targetWebService.openConnection();
    urlc.setRequestProperty("Content-Type" , "text/xml" ) ;
    ((HttpURLConnection)urlc).setRequestMethod("POST") ; // It's a post request
    urlc.setDoOutput(true);
    urlc.setDoInput(true);
    OutputStream os = urlc.getOutputStream() ;
    os.write ( buf ) ;
    os.flush() ;
    os.close() ;
    } catch (IOException ioex) {
    System.out.println("PBM_APPLICATION_0252 Unable to connect to " + target
    + " " + ioex.getMessage());
    } catch (Exception ex) {
    System.out.println("PBM_APPLICATION_0252 Unable to connect to " + target
    + " " + ex.getMessage());
    Thanks.

    In 7.0 SSL implementation used by weblogic tries to use JCE provider before defaulting
    to its own. So, you should be able to make it use Sun's provider by moving it
    in front in java.security file, or doing the same through api. In any case, even
    when no JCE provider is configured, it should not fail. One of the reasons it
    could fail, though, is if you do not have proper SSL license (i.e. trying to do
    domestic strength encryption while having export license), but I think the error
    message would be different in this case.
    Are you passing weblogic.net.https.Handler to URL constructor? If yes, you can
    try to set ssl debug flags on to get more info about the failure: -Dssl.debug=true
    -Dweblogic.StdoutDebugEnabled=true
    Pavel.
    "L Selleck" <[email protected]> wrote:
    >
    Using WLS 7.0 SP2 on HP-UX and when attempting to establish an outoing
    SSL connection
    I receive an "SSL implementation not available" exception.
    In the International version of WLS 7.0 I am able to establish the SSL
    connection,
    but when the same application is loaded into the same version of the
    Domestic
    WLS, it produces the exception.
    Usually I expect that exception when there is no appropriate CSP (Cryptographic
    Service Provider) entry in JAVA_HOME/jre/lib/security/java.security?
    How does
    one configure a Third Party CSP (Cryptographic Service Provider) for
    use in WLS?
    I am trying to use the Sun CSP.
    The code snippet that works on International WLS but not in Domestic
    WLS is below:
    String target = "https://localhost/testApp/NotificationServlet";
    URLConnection urlc = null;
    URL targetWebService;
    // load input file
    // Construct the URL using the HTTPS URL stream handler
    targetWebService = new URL(null, target, new Handler());
    java.security.Security.addProvider(new com.sun.net.ssl.internal.ssl.Provider());
    urlc = targetWebService.openConnection();
    urlc.setRequestProperty("Content-Type" , "text/xml" ) ;
    ((HttpURLConnection)urlc).setRequestMethod("POST") ; // It's a
    post request
    urlc.setDoOutput(true);
    urlc.setDoInput(true);
    OutputStream os = urlc.getOutputStream() ;
    os.write ( buf ) ;
    os.flush() ;
    os.close() ;
    } catch (IOException ioex) {
    System.out.println("PBM_APPLICATION_0252 Unable to connect
    to " + target
    + " " + ioex.getMessage());
    } catch (Exception ex) {
    System.out.println("PBM_APPLICATION_0252 Unable to connect
    to " + target
    + " " + ex.getMessage());
    Thanks.

  • WLS (40-bit) to WLS (128 bit) installation

    Hopefully this will help shed some light on the subject.
    Terry
    If you receive the following warning:
    <I> <Security> WARNING: Exportable (weak) WebLogic Server build running and
    domestic (full) strength SSL license detected. Only exportable strength SSL
    connections will be accepted.
    This indicates that you have a full strength certificate but a weak strength
    build of the server. For full strength encryption there is a different WLS
    build. The generally-available (weak/40-bit) version of WLS 5. 1 supports
    512-bit certificates and 40-bit bulk data encryption. The full strength
    (128-bit) WLS 5.1 build supports 768-bit and 1024-bit certificates and
    128-bit bulk data encryption. Your sales contact can provide the required
    forms and a special URL to download the full strength build of WebLogic.
    The installation for the 128-bit version is the same as the installation for
    the 40-bit version. When converting to the 128-bit version a complete
    re-installation is necessary. If you are installing service packs, please
    note that although Service Packs 1-5 are the same for both the 40-bit and
    128-bit versions, SP6 for the 128-bit version is a controlled release. In
    order to obtain SP6 for WLS 5.1 (128-bit), you will need to contact your
    sales representative who will be able to provide a URL where it can be
    downloaded.
    Some other notes concerning the 128-bit installation. First, ensure that
    you are using the permanent license that has been updated with the 128-bit
    key. Second, for information on setting up WLS SSL (i.e. installing
    1024-bit security certificates), please see the documentation at:
    http://www.weblogic.com/docs51/classdocs/API_secure.html.
    It is my understanding that the difference between the 40-bit and 128-bit
    versions of WLS 5.1 is in the encryption/decryption module. Since the
    difference is limited to this particular module, transitioning from the
    40-bit to the 128-bit version should be transparent as far as WLCS (3.1.1
    SP1 & 2.01 SP2) is concerned. This is supported by the fact that there is a
    single version of WLCS for both domestic use and export use.
    A couple of general notes concerning WLCS 3.1.1/2.0.1 installations running
    on top of WLS 5.1 (40-bit or 128-bit) SP6:
    WLCS 3.1.1: To date, support cases have not been received with a WLCS
    3.1.1 installation running on top of WLS
    5.1 (40-bit/128-bit) SP6 where SP6 has been determined to be the
    problem.
    WLCS 2.0.1: With one minor exception (see Solution S-05838 below),
    support cases have not been received with a
    WLCS 2.0.1 installation running on top of WLS 5.1 (40-bit/128-bit) SP6
    where SP6 has been determined to be the
    problem.
    A couple of general notes concerning WLCS 2.01 and WLS 5.01 (40- or 128-bit)
    Service Packs 1-6:
    - There have been problems when using SP1, SP2 and SP3 for WLS 5.
    - Therefore, SP4 (minimum) is required.
    - To date, support cases have not been received where SP5 has been
    determined to be a problem.
    - There is one small issue related to SP6 (see Solution S-05838 below).
    Otherwise, support cases have not been
    received where SP6 has been determined to be a problem.
    - Following the SP6 installation, all the JSPs will need to be
    recompiled. Due to the custom tags used in WLCS 2.0.1,
    the JSPs cannot be pre-compiled. Therefore, recompiling will occur as
    the pages are accessed.
    Please see the release notes that accompany each service pack downloads for
    issues that are resolved with each particular
    service pack.
    Solution S-05838
    A better solution to the problem: WLCS 2.0.1 only: DataLoader script causes
    ASCClientException with WLS 5.1 SP6
    Old Solution:
    Use WLS 5.1 SP5 to run the DataLoader, THEN upgrade to SP6.
    New Solution:
    You can run the DataLoader without exceptions for WLCS 2.0.1 SP2 and WLS 5.1
    SP6 if you modify the script to use t3 socket connections instead of http.
    Open the DataLoader script for editing and change the two appearances of
    "http://" to "t3://".

    You need to contact your sales rep and get the domestic strength version of
    WLS.
    Michael Girdley
    Product Manager, WebLogic Server
    BEA Systems Inc.
    Ravi Kumar.T <[email protected]> wrote in message
    news:8945ju$lu8$[email protected]..
    Where to specify the no of bits for encryption for SSL. Is it depend on
    verisign certificates installed!!
    We are using we weblogic 4.5.1 on Solaris. and my site is having following
    encryption
    SSL 3.0, RC4 with 40 bit encryption (Low); RSA with 512 bit exchange
    and I have seen some other sites are having
    SSL 3.0, RC4 with 128 bit encryption (High); RSA with 1024 bit exchange
    thanks..
    ravi

  • Failing PCI Compliance Scan - SSL Weak...

    Hello,
    I currently use the WRVS4400n v2 (latest update) for my small business. I store and transmit data that contains credit card information and need to be PCI compliant. Regardless of which settings I change on the router, like turning off remote management, I keep failing the scan. ControlScan uses Nessus and the results are below (2 vulnerabilities).
    I did some research and spent some time with Cisco Sales Chat and they recommended a ASA5500 only to realize that it too had the same vulnerabilities. I did more research and it seemed that the SA520w (I need wireless) would do it but I found a thread on this forum saying that a client who had the SA520w did not pass the scan failed due to SSL vulerability (need v3+ ?). The thread is at https://supportforums.cisco.com/thread./2060512
    Question: What router/appliance should I use to be PCI compliant? Three has to be something, we're talking, this is Cisco.
    Thank you in advance for your help,
    Christophe
    Threat ID: 126928
    Details:
    IP Address: XX.XXX.X.XXX
    Host: XX.XXX.X.XXX
    Path:
    THREAT REFERENCE
    Summary:
    SSL Weak Cipher Suites Supported
    Risk: High (3)
    Type: Nessus
    Port: 60443
    Protocol: TCP
    Threat ID: 126928
    Information From Target:
    Here is the list of weak SSL ciphers supported by the remote server :
    Low Strength Ciphers (< 56-bit key)
    SSLv2
    EXP-RC2-CBC-MD5            Kx=RSA(512)   Au=RSA     Enc=RC2(40)      Mac=MD5    export    
    EXP-RC4-MD5                Kx=RSA(512)   Au=RSA     Enc=RC4(40)      Mac=MD5    export    
    The fields above are :
    {OpenSSL ciphername}
    Kx={key exchange}
    Au={authentication}
    Enc={symmetric encryption method}
    Mac={message authentication code}
    {export flag}
    Solution:
    Reconfigure the affected application if possible to avoid use of weak
    ciphers.Details:
    The remote host supports the use of SSL ciphers that offer either weak encryption or no encryption at all.
    Threat ID: 142873
    Details:
    IP Address: XX.XXX.X.XXX
    Host: XX.XXX.X.XXX
    Path:
    THREAT REFERENCE
    Summary:
    SSL Medium Strength Cipher Suites Supported
    Risk: High (3)
    Type: Nessus
    Port: 60443
    Protocol: TCP
    Threat ID: 142873
    Information From Target:
    Here are the medium strength SSL ciphers supported by the remote server :
    Medium Strength Ciphers (>= 56-bit and < 112-bit key)
    SSLv2
    DES-CBC-MD5                Kx=RSA        Au=RSA     Enc=DES(56)      Mac=MD5   
    SSLv3
    DES-CBC-SHA                Kx=RSA        Au=RSA     Enc=DES(56)      Mac=SHA1  
    TLSv1
    DES-CBC-SHA                Kx=RSA        Au=RSA     Enc=DES(56)      Mac=SHA1  
    The fields above are :
    {OpenSSL ciphername}
    Kx={key exchange}
    Au={authentication}
    Enc={symmetric encryption method}
    Mac={message authentication code}
    {export flag}
    Solution:
    Reconfigure the affected application if possible to avoid use of
    medium strength ciphers.Details:
    The remote host  supports the use of SSL ciphers that offer medium strength encryption,  which we currently regard as those with key  lengths at least 56 bits  and less than 112 bits.

    Chris,
    As i understand right now none of the Small Business router are PCI compliance ever since PCI 3.0 was released. How you overcome this; you'll need to forward any ports you are failing on to a ghost IP.. Ghost ip (any ip address that isn 't being used) If you are using those ports , then you will lose that service as the router isn't PCI 3.0 compliant.
    Jason
    I do believe the ASA5505 are PCI 3.0 Compliant.

  • Airport Extreme Card wont connect to D-Link DIR-615 (wireless N router)

    Hi, I got an old Mac G5 that has the airport extreme card in it and can't connect to the internet through with my D-Link DIR-615. I tried a couple options on a MAC but didn't work. I have a Laptop running Windows Vista and had no problem connecting. I'm using WPA for security and my password has 31 characters. Do you guys think That I have to change the length of my password to 26 or even less? Is there any guide that you guys may know that cuold help me on this issue?
    Thanks a lot.
    Masrocha

    Password
    40-bit hex
    40-bit ASCII
    128-bit hex
    128-bit ASCII
    LEAP
    This would be telling me that your G5's AirPort is NOT "seeing" the D-Link's wireless network as encrypted with WPA, but with WEP instead. This typically can be caused by either the D-Link's current configuration is incompatible with the AirPort card or that there is something amiss with the AirPort card itself.
    BTW, My D-Link has WEP, WAP-Personal and WAP-Enterprise
    Ok, we will want to stick with either WEP or WPA-Personal.
    We now have two choices: 1) Continue to troubleshoot additional configuration changes to the D-Link to try to get WPA to work with your G5, or 2) Switch to the lower strength encryption: WEP.
    Which would you prefer to try?

Maybe you are looking for

  • HT5610 how do I deauthorize a pc that is not working

    how do I deauthorize a pc that is not working

  • Unable to create Alias in 11g

    Hi I have one product table. i am trying to create Alias on Product table. In physical layer i was right clicked on Product table. It shows all options( like New object, Update row count, view data.......etc) when i am moving cursor on New object it

  • Software to watch TV online

    Hi, I'm not sure which forum to ask about this, but here goes. There are dozens and dozens of sites that claim to offer a multitude of TV stations to watch in HD and/or live for about $50 for the purchase of software. Below are several such sites, si

  • I want to use the expression edit control in a VC++ DLL, how?

    Good morning, as mentioned I want to use the expression edit control in my DLL written with VSC++ 2005 MFC. But I ran into some problems: If I just add the ExpressionEdit control from the toolbar to my dialog then the dialog will not be shown during

  • Iphone 3rd party power cords stopped working

    All of a sudden my third party power adapters are no longer working. Any one know why??