Skip Navigation
Expand
Deprecating SSL v3.0 and TLS versions prior to TLS v1.2 in Oracle Field Service
Answer ID 8226   |   Last Review Date 03/11/2019

How can I prepare for protocols prior to TLS v1.2 being disabled in my OFS instance?

Environment:

Oracle Field Service (OFS)

Resolution:

Support for protocols prior to TLS v1.2 including SSL v3.0 and prior has been deprecated in Oracle Field Service (OFS). Oracle recommends customers prepare to disable the use of these protocols in production environments by first disabling them in a TEST environment.


Frequently Asked Questions:

When will this occur? 

A) We have targeted February 16, 2016 to have legacy protocols removed from Akamai and load balancer configurations for all TEST instances. Customers may request to be moved prior to this date if you wish to be more proactive. Production instances must have legacy protocols removed on or before March 11, 2016.

What's the process to request migrating my instance to secure protocols?

A) Customers must contact Support and provide the URL of either their TEST or Production instance and specify the change window timeframe when the change should occur.  If there are difficulties that arise with switching over to new protocols, customers may raise a request to have the change rolled back. Changes may be rolled back in TEST until February 16th. Production changes may be rolled back until March 11th, at which time URLs must stay on newer protocols. We strongly encourage customers to test early, and also encourage customers to be prepared to request a migration of Production instances ahead of the March 11th final date.

What if my browser is incompatible with TLS v1.2?

A) Oracle recommends you usse actively-supported Internet browser versions. You should also check with your Internet browser provider whether your browser is compatible with TLS 1.2 and verify Oracle Software Web Browser Support Policy.

What if my middleware is incompatible with TLS v1.2?

A) Solutions vary based on software vendor. Please contact your middleware vendor, implementation partner or product documentation for assistance.

Can I request an extension of my service on the older protocols?

A) The time period for extension requests has expired.

May I engage consulting services if I need help?

A) Most required changes for this upgrade are within your access as a customer to complete. Consulting services will be occupied through the date of the final cutover, and may not be able to schedule new engagements to assist. If you are concerned there may be issues with your service, we encourage you to test early and often leading up to the final cutover date.

How can I determine if my OFS instance has had SSL v3.0 support disabled?

A) To check if SSL v3 support has been disabled, then run the following from a command line with openssl client installed, replacing example.etadirect.com with the domain part of your url:

openssl s_client -connect example.etadirect.com:443 -ssl3

Which should produce something containing an error, indicating sslv3 is disabled:

073927320:error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake
failure:s3_pkt.c:1258:SSL alert number 40
3073927320:error:1409E0E5:SSL routines:SSL3_WRITE_BYTES:ssl handshake
failure:s3_pkt.c:596:

How can I be sure that my instance is capable of TLS v1.2?

A) Versions of OFS subsequent to 4 support TLS v1.2. To verify that TLS v1.2 is supported, run the following from a command line with openssl client installed, replacing example.etadirect.com with the domain part of your URL:

openssl s_client -connect example.etadirect.com:443 -tls1_2

Which should produce output containing a Protocol, Cipher, and Session-ID indicating a successful connection:

Protocol  : TLS v1.2
Cipher    : ECDHE-RSA-AES256-GCM-SHA384
Session-ID: 1515CBEFEB11AFF4998A8BADFAF70235D76B5455BE8D5CCAB5B850DDAF85C45B

What if I have additional questions?

A) Notification to disable legacy protocols was provided through the primary support contact of each affected customer.  Support contacts may inquire directly to the initial notification through their service portal account.

Available Languages for this Answer:

Notify Me
The page will refresh upon submission. Any pending input will be lost.