Eloqua Product Notice: Supported Cipher Suite Changes (Updated - Nov 2020)

Oracle Eloqua had announced that, with the 20D release (Nov 2020), support for the following cipher suites would be removed:
- TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
- TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
They were removed with the 20D release, but as of Nov 23 (POD 7) and Nov 24 (POD 1, 2, 3, 4, and 6) they have been temporarily reinstated. Rest assured, if your organization had already made changes, there will be no ill effects as a result of the reinstated cipher suites.
Next Steps
While not currently available, a new date will be provided for when the above-mentioned cipher suites will no longer be supported.
Additional Resources
More information can be found in our product notice.
With the arrival of Eloqua 20D release (Nov 2020), Oracle will be modifying its supported cipher suites used for Transport Layer Security (TLS) connections to Eloqua. This includes programmatic access to Eloqua via APIs.
What’s changing?
With 20D, support for the following cipher suites will be removed:
- TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
- TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
The following cipher suites will remain supported:
- TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
- TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
- TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
Timeline
With the arrival of Eloqua 20D release (Nov 2020), Oracle will be modifying its supported cipher suites used for Transport Layer Security (TLS) connections to Eloqua. Changes will be made on:
- POD 7: Nov 18, 2020.
- POD 1, 2, 3, 4, and 6: Nov 20, 2020.
Next Steps
All access to Eloqua using a secure connection must support one of the following cipher suites:
- TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
- TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
- TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
Verify that all applications accessing Eloqua, including custom apps, support at least one of these ciphers. If none of these ciphers are supported for an application accessing Eloqua, access will not be possible.
There are several publicly available tools to test available cipher suites for a given application. Also note that no web browser version supported by Eloqua will be affected by this change.
Information on cipher suites for Microsoft operating systems can be found here: https://msdn.microsoft.com/en-us/library/windows/desktop/aa374757%28v=vs.85%29.aspx.
Additional Resources
View changes for Eloqua's APIs, including new features, significant recent changes, and platform notices, on the Eloqua Developer Changelog.
If you have questions, post a discussion on Developer Tools!
FAQ
Q: Why are these ciphers being deprecated?
A: Oracle wants to provide the most secure applications. After deprecation of the cipher suites listed in this announcement, the remaining supported cipher suites are considered to be the most commonly used and secure ciphers.
Q: How can I verify if my applications will still work properly after deprecation?
A: There are several public and free SSL testing/reporting suites available. Also, documentation for web browsers and application programming interfaces (APIs) typically highlights supported cipher suites.
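As an added example (not part of Oracle's notice), the following Python sketch applies the check described under Next Steps and in the FAQ: given the cipher suites a client offers, it reports whether at least one remaining suite is present or whether the client only works because the CBC suites were reinstated. The function names and verdict strings are assumptions made for this example; the OpenSSL spellings are the standard OpenSSL names for the suites listed in the notice.

```python
import ssl

# IANA names from the notice mapped to the names OpenSSL-based clients report.
REMAINING = {
    "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384": "ECDHE-RSA-AES256-GCM-SHA384",
    "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256": "ECDHE-RSA-AES128-GCM-SHA256",
    "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256": "ECDHE-RSA-CHACHA20-POLY1305",
}
REMOVED = {
    "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384": "ECDHE-RSA-AES256-SHA384",
    "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256": "ECDHE-RSA-AES128-SHA256",
}


def _normalise(names):
    """Accept IANA or OpenSSL spellings and return IANA names where known."""
    to_iana = {ossl: iana for table in (REMAINING, REMOVED)
               for iana, ossl in table.items()}
    return {to_iana.get(n.strip(), n.strip()) for n in names}


def audit(offered):
    """Classify a client's offered suites against the lists in the notice."""
    offered = _normalise(offered)
    usable = sorted(offered & set(REMAINING))
    removed = sorted(offered & set(REMOVED))
    if usable:
        verdict = "ok"
    elif removed:
        # Works only while the CBC suites are temporarily reinstated.
        verdict = "breaks-on-removal"
    else:
        verdict = "no-supported-suite"
    return {"verdict": verdict, "usable": usable, "removed": removed}


def local_offer(cipher_string=None):
    """Suites this Python/OpenSSL build would offer (TLS 1.3 names are ignored by audit)."""
    ctx = ssl.create_default_context()
    if cipher_string:
        ctx.set_ciphers(cipher_string)
    return {c["name"] for c in ctx.get_ciphers()}


if __name__ == "__main__":
    print(audit(local_offer()))
```

For clients that do not use OpenSSL, pass `audit()` the suite list taken from that platform's own configuration or documentation; IANA names are accepted as written.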
Comments
-
Oracle is a trusted partner. We have implemented connections to Eloqua as a part of our primary processes. It is totally understood why TLS 1.2 is only supported but supporting only these cipher suites is far too strict, and does not support any goal. We should be able to trust that Oracle / Eloqua supports all current safe cipher suites. As far as I am concerned Oracle should follow Microsoft supported server configs and protocols, and when deprecated by them remove the cipher suites over time. That is the way to do it and not the other way around! More information about Microsoft server support can be found on their product lifecycle page (I cannot post links in this section). For example Windows Server 2012 R2 is supported until Oct. 10 2023 according to the product lifecycle page.
Creating connections to Eloqua is primary functionality. If Oracle is not in favour of this way of working clients should re-evaluate their current implementation. That should not be the follow up on this, right?
-
Hi
Is there a new date when the above mentioned cipher suites will no longer be supported? I was last told this would be in Feb but no exact date was provided.
-
Hi,
I have not heard any update from our Technical Account Manager about the deprecation of the cipher suites yet.
Best regards,
Scott
-