TLS 1.2 Certified with E-Business Suite 12.2

I’m pleased to announce that Oracle E-Business Suite 12.2 inbound, outbound, and loopback connections are now certified with TLS 1.2, 1.1, and 1.0. If you have not already migrated from SSL to TLS, you should begin planning the migration for your environment. 

For more information on patching and configuration requirements when migrating to TLS 1.2 from TLS 1.0 or SSL, refer to the following My Oracle Support Knowledge Document:

• Enabling TLS in Oracle E-Business Suite Release 12.2 (Note 1367293.1)

The steps and configuration outlined in MOS Note 1367293.1 will address recent security vulnerabilities (e.g. Weak Cipher Suites/FREAK, POODLE, DROWN).

Configuration Options

• Certification with TLS 1.2, 1.1 and 1.0

  The default Oracle E-Business Suite 12.2 configuration allows for the handshake between the client and server to negotiate and use the highest version of TLS (either 1.2, 1.1, or 1.0) supported end-to-end by all parties.

For example, if the outbound connection used by iProcurement is by default configured for TLS 1.2, 1.1 and 1.0 and if a call is made from Oracle E-Business Suite iProcurement to an external site that supports TLS 1.2 and a common cipher suite is found, then TLS 1.2 will be used end-to-end. If a call is made from Oracle E-Business Suite iProcurement to an external site that supports TLS 1.1 and a common cipher suite is found, then the handshake negotiation will resolve to use TLS 1.1 for the connection encryption.

• Restricting the TLS Protocol (Optional Configuration)

You may optionally configure Oracle E-Business Suite to use the highest level of TLS certified with Oracle E-Business Suite Release 12.2. This option currently allows you configure TLS 1.2 for all inbound, outbound and loopback connections. 

Warning: If you restrict Oracle E-Business Suite 12.2 to use only TLS 1.2, this configuration could result in the inability to connect to other sites or browsers that do not support TLS 1.2.

• Restricting Connections to HTTPS Only (Optional Configuration)

You also may optionally configure Oracle E-Business Suite to disable the HTTP port and use the HTTPS port only. 

Where can I learn more? There are several guides and documents that cover Oracle E-Business Suite 12.2 secure configuration and encryption. You can learn more by reading the following:

• Oracle E-Business Suite Security Guide – Secure Configuration (HTML)
• Enabling TLS in Oracle E-Business Suite 12.2 (Note 1367293.1)

SSL or TLS 1.0 Reference Note

If you are using SSL or TLS 1.0 and need to review your current configuration or renew your certificate, you may refer to the following:

• Enabling SSL or TLS in Oracle E-Business Suite Release 12.2 (Note 2143101.1)

Related Articles

• Critical Patch Update for April 2016 Now Available
• Enhance E-Business Suite Security By Switching to TLS