+- Oracle Forum - The Knowledge Center for Oracle Professionals - Looking Beyond the Possibilities (http://www.oraerp.com)
+-- Forum: News and Career (http://www.oraerp.com/forum-41.html)
+--- Forum: Other - Non-product related Oracle Discussions (http://www.oraerp.com/forum-20.html)
+---- Forum: News (http://www.oraerp.com/forum-27.html)
+---- Thread: E-Business Suite Security with Transport Layer Security (TLS) (/thread-71311.html)
E-Business Suite Security with Transport Layer Security (TLS) - admin - 01-06-2015
Oracle ATG Group has announced through Steven Chan Blog by Elke Phelps (Oracle Development) on Jan 05, 2015It seems fitting to start 2015 with a security-related blog post about Secure Socket Layer (SSL) and Transport Layer Security (TLS). TLS is the successor to SSL. TLS, like SSL, is a protocol that encrypts traffic between applications and servers. TLS is based on SSL 3.0. TLS 1.0 is sometimes referred to as SSL 3.1. Going forward you will hear us talk more about TLS and less about SSL.TLS is considered to be more secure than SSL. All systems that use SSL 3.0 may be vulnerable to a design vulnerability in SSL’s handling of block cipher mode padding. The Padding Oracle on Downgraded Legacy Encryption (POODLE) attack is one possible attack vector for web browsers and web servers.Oracle E-Business Suite customers can migrate to TLS and mitigate the effects of POODLE attacks by following:
- CVE-2014-3566 - Instructions to Mitigate the SSLv3 Vulnerability ("POODLE Attack") in Oracle E-Business Suite (Note 1937646.1)
- Secure Configuration Guide for Oracle E-Business Suite Release 12 (Note 403537.1)
- Enabling SSL in Oracle E-Business Suite Release 12.2 (Note 1367293.1)
- Enabling SSL in Oracle E-Business Suite Release 12 (Note 376700.1)
- Secure Configuration Guide for Oracle E-Business Suite Release 11i (Note 189367.1)
- 11i: A Guide to Understanding and Implementing SSL for Oracle Applications (Note 123718.1)