Essbase Does Not Support Modern Cipher Suites

Essbase 11.1.2.4.x and prior, has supported communication using SSL or TLS encryption. You could rest easier knowing your data flow from your direct connections to Essbase would be secured. However, the technology used to secure communications has evolved to utilize new algorithms. Plain old “SSL” is now seen as less secure and your organization’s security scanner software may be flagging your Essbase communications as a risk!

As of this writing, Oracle HTTP Server 12.2.1.4 recommends a very short list of TLSv1.2 ciphers for secure communications. None of those are supported by Oracle Essbase. Per Oracle Support, again as today’s date, the only supported configuration for the SSL Cipher Suites are these 6 ciphers:

    SSL_RSA_WITH_RC4_128_MD5 (default)

    SSL_RSA_WITH_RC4_128_SHA

    SSL_RSA_WITH_3DES_EDE_CBC_MD5

    SSL_RSA_WITH_DES_CBC_SHA

    SSL_RSA_WITH_AES_128_CBC_SHA

    SSL_RSA_WITH_AES_256_CBC_SHA

The TLSv1.2 ciphers recommended for securing OHS:

   TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256

   TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384

   TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256

   TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384

It is fair to note that Essbase21c is not restricted to the less-secure suites, so keep this in mind when making plans to move to your next implementation of Oracle Enterprise Performance Management Suite!