Product Notice: Supported Cipher Suite Changes [Aug 2019]

Version 1

    Overview

    With the arrival of Eloqua release 19C (Aug 2019), Oracle will be modifying its supported cipher suites used for Transport Layer Security (TLS) connections to Eloqua. This includes programmatic access to Eloqua via APIs.

     

    What’s changing?

    With 19C, support for the following cipher suites will be removed:

    • TLS_RSA_WITH_AES128_CBC_SHA
    • TLS_RSA_WITH_AES128_CBC_SHA256
    • TLS_RSA_WITH_AES128_GCM_SHA256
    • TLS_RSA_WITH_AES256_CBC_SHA
    • TLS_RSA_WITH_AES256_CBC_SHA256
    • TLS_RSA_WITH_AES256_GCM_SHA256
    • TLS_RSA_WITH_CAMELLIA_128_CBC_SHA
    • TLS_RSA_WITH_CAMELLIA_256_CBC_SHA

     

    The following cipher suites will remain supported:

    • TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
    • TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
    • TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
    • TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256

     

    Timeline

    With the arrival of Eloqua release 19C (Aug 2019), Oracle will be modifying its supported cipher suites used for Transport Layer Security (TLS) connections to Eloqua. Check the Eloqua Release Center for specific dates and times.

     

    Next Steps

    All access to Eloqua using a secure connection must support one of the following cipher suites:

    • TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
    • TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
    • TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
    • TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256

     

    Verify that all applications accessing Eloqua, including custom apps, support at least one of these ciphers. If none of these ciphers are supported for an application accessing Eloqua, access will not be possible.

     

    There are several publicly available tools to test available cipher suites for a given application.  Also note that all web browser versions supported by Eloqua will not be affected by this change.

     

    Information on cipher suites for Microsoft Operating systems can be found here: https://msdn.microsoft.com/en-us/library/windows/desktop/aa374757%28v=vs.85%29.aspx.

     

    Additional Resources

    View changes for Eloqua's APIs including, new features, significant recent changes, and platform notices, on the Eloqua Developer Changelog.

     

    If you have questions, post a discussion on Code It!

     

    FAQ

     

    Q: Why are these ciphers being deprecated?

    A: Oracle wants to provide the most secure applications. After deprecation of the cipher suites listed in this announcement, the remaining supported cipher suites are considered to be the most commonly used and secure ciphers.

     

     

     

    Q: How can I verify if my applications will still work properly after deprecation?

    A: There are several public and free SSL testing/reporting suites available. Also, documentation for web browsers and application programming interfaces (APIs) typically highlight supported cipher suites.