The Latest Technology Stack News Directly from EBS Development

TLS 1.2 Certified with E-Business Suite 12.2

By: Elke Phelps | Product Management Director

I'm pleased to announce that Oracle E-Business Suite 12.2 inbound, outbound, and loopback connections are now certified with TLS 1.2, 1.1, and 1.0. If you have not already migrated from SSL to TLS, you should begin planning the migration for your environment. 

For more information on patching and configuration requirements when migrating to TLS 1.2 from TLS 1.0 or SSL, refer to the following My Oracle Support Knowledge Document:

The steps and configuration outlined in MOS Note 1367293.1 will address recent security vulnerabilities (e.g. Weak Cipher Suites/FREAK, POODLE, DROWN).

Configuration Options

  • Certification with TLS 1.2, 1.1 and 1.0

    The default Oracle E-Business Suite 12.2 configuration allows for the handshake between the client and server to negotiate and use the highest version of TLS (either 1.2, 1.1, or 1.0) supported end-to-end by all parties.

    For example, suppose the outbound connection used by iProcurement is configured by default for TLS 1.2, 1.1, and 1.0. If a call is made from Oracle E-Business Suite iProcurement to an external site that supports TLS 1.2 and a common cipher suite is found, TLS 1.2 is used end-to-end. If the call is made to an external site that supports TLS 1.1 and a common cipher suite is found, the handshake negotiation resolves to TLS 1.1 for the connection encryption.

  • Restricting the TLS Protocol (Optional Configuration)

    You may optionally configure Oracle E-Business Suite to use the highest level of TLS certified with Oracle E-Business Suite Release 12.2. This option currently allows you to configure TLS 1.2 for all inbound, outbound, and loopback connections.

    Warning: If you restrict Oracle E-Business Suite 12.2 to use only TLS 1.2, this configuration could result in the inability to connect to other sites or browsers that do not support TLS 1.2.

  • Restricting Connections to HTTPS Only (Optional Configuration)

    You also may optionally configure Oracle E-Business Suite to disable the HTTP port and use the HTTPS port only.
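
One way to confirm which of the three certified protocol versions an inbound HTTPS endpoint actually accepts, for example after applying the optional TLS 1.2-only restriction above. This is an added example, not Oracle's code and not taken from MOS Note 1367293.1; the function names and the host/port arguments are assumptions of the example, and it uses only Python's standard `ssl` module.

```python
import socket
import ssl
import sys

VERSIONS = {  # protocol versions the announcement lists as certified
    "TLS 1.0": ssl.TLSVersion.TLSv1,
    "TLS 1.1": ssl.TLSVersion.TLSv1_1,
    "TLS 1.2": ssl.TLSVersion.TLSv1_2,
}

def pinned_context(version):
    """Client context that offers exactly one protocol version."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False               # protocol probe only; this is
    ctx.verify_mode = ssl.CERT_NONE          # not a certificate trust check
    ctx.set_ciphers("DEFAULT:@SECLEVEL=0")   # let OpenSSL 3 offer TLS 1.0/1.1
    ctx.minimum_version = version
    ctx.maximum_version = version
    return ctx

def probe(host, port, version, timeout=5.0):
    """Return 'accepted', 'refused', or 'untestable' for one version."""
    try:
        ctx = pinned_context(version)
    except ValueError:                       # local OpenSSL lacks this version
        return "untestable"
    with socket.create_connection((host, port), timeout=timeout) as raw:
        try:
            with ctx.wrap_socket(raw, server_hostname=host):
                return "accepted"
        except (ssl.SSLError, OSError):      # alert, reset, or EOF in handshake
            return "refused"

def audit(results, allowed):
    """Compare probe results with the intended policy; return findings."""
    findings = []
    for name, state in results.items():
        if state == "untestable":
            findings.append(f"{name}: not testable from this client")
        elif state == "accepted" and name not in allowed:
            findings.append(f"{name}: accepted but not in policy")
        elif state == "refused" and name in allowed:
            findings.append(f"{name}: in policy but refused")
    return findings

if __name__ == "__main__":
    host, port = sys.argv[1], int(sys.argv[2])   # your own EBS HTTPS endpoint
    results = {n: probe(host, port, v) for n, v in VERSIONS.items()}
    print(audit(results, allowed={"TLS 1.2"}) or "matches the TLS 1.2-only policy")
```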

Where can I learn more?

There are several guides and documents that cover Oracle E-Business Suite 12.2 secure configuration and encryption. You can learn more by reading the following:

SSL or TLS 1.0 Reference Note

If you are using SSL or TLS 1.0 and need to review your current configuration or renew your certificate, you may refer to the following:

Comments ( 2 )
  • guest Wednesday, June 29, 2016

    Are there any extra steps which are required to make R12 interoperate with OID 11.1.1.9 when the latter uses an SHA2 certificate?

    I had to replace an expiring SHA1 certificate on OID with SHA2 last month and since then I have been unable to register additional instances with OID, although a pre-existing instance registration was unaffected.

    My problem is on 12.1 but I'm worried that the same thing may happen on my 12.2 upgrade. I'm pretty sure the problem is protocol/cipher suite related, but I can't find any specific documentation on that point.

    The issue is logged as SRs 3-12877477151 and 3-12636176781

    Thanks

    Robert


  • Elke Phelps (Oracle Development) Wednesday, June 29, 2016

    Robert,

    Thanks for the inquiry. This blog is intended for certification announcements and high level guidance. My Oracle Support is the mechanism for troubleshooting and resolving specific issues in an environment.

    I will review the SRs you've provided and will reach out to Oracle support as needed for guidance regarding your issues.

    Regards,

    Elke

