How does the abandoning of TLS 1.0 impact Oracle Policy Automation?
Oracle Policy Automation (OPA), TLS 1.0 implications
The TLS 1.0 protocol is obsolete. This old release of the TLS protocol is known to be vulnerable to attacks and is widely considered to be an obsolete encryption method. Support for TLS 1.1 and 1.2 started with the February 2014 Oracle Service Cloud release.
Support for TLS protocol version 1.0 will be disabled in the Oracle Service Cloud production environments on the following dates:
PCI Environment: on January 31st, 2017.
Non PCI Environment: June 20th to October 11th, 2017 (Updated)*.
*TLS 1.0 will be shut down in Non PCI environments on a phased approach starting June 20th through October 11th, 2017. All Customer Administrators will be individually notified on the specific date when their site(s) will be disabled from TLS 1.0 protocol.
PCI pod customers must do the following on each machine where Oracle Policy Modeling is installed, before the January shut down date:
- Ensure .NET Framework 4.5.2 or later is installed.
- Ensure Oracle Policy Modeling Build 498or later is installed. The build number can be found on the Welcome page of the Policy Modeling Project tab.
Policy Automation Implications
- Both custom control and web service connections need to be checked that they support TLS 1.1 or later.
- Customers that tightly control their enterprise desktop environments are encouraged to prepare to support Microsoft .NET Framework 4.5.2 as that will become a required pre-requisite for Oracle Policy Modeling as of the November 2016 release.
- Oracle recommends that you communicate to your end-users on the supported web browsers they should use to access your sites.
- If you have questions or concerns, please submit a Service Request (SR) via Technical Support using the standard support process.