Discussions
Categories
Responsys Bulletin: TLS 1.0-1.1 Deprecation FAQ

Comments
-
Hi,
We are on the RI6 SOAP library 6.20.
Is anything we need to do in code or on the machine where the code runs to ensure it is a TLS 1.2 connection?
Thanks.
-
Hi Amanda,
My client Levi's was concerned that they did not hear about this change till last week. Can these types of changes be hosted in the Oracle Responsys System Maintenance Calendar? That calendar has much more visibility than the Responsys Insiders blog thread.
Thank you,
Jacob Halstead
-
We have 9 Responsys accounts in interact2. As per the PDF document shard and mentioned in announcement emailer if our technical infrastructure is using TLS1.0 and hit this URL I2: login2t.responsys.net it should not return success notification right? But I'm able to get success response. Does that mean we this depreciation rollout will not affect our API calls even if our JDK is using TLS 1.0 protocol to hit Responsys APIs?
We have desktop applications which are built using JDK1.5 which is not supporting TLS 1.2. If we have to use TLS1.2 then we need to upgrade our entire JDK which is not possible. We need to find an alternate solution basis of your confirmation. Can you please revert?
Thanks
Thiyagu
-
We have 9 Responsys accounts in interact2. As per the PDF document shard and mentioned in announcement emailer if our technical infrastructure is using TLS1.0 and hit this URL I2: login2t.responsys.net it should not return success notification right? But I'm able to get success response. Does that mean we this depreciation rollout will not affect our API calls even if our JDK is using TLS 1.0 protocol to hit Responsys APIs?
We have desktop applications which are built using JDK1.5 which is not supporting TLS 1.2. If we have to use TLS1.2 then we need to upgrade our entire JDK which is not possible. We need to find an alternate solution basis of your confirmation. Can you please revert?
Thanks
Thiyagu
Hi Thiyagu,
You really need to update your SDK version. J2SE 1.5 was EOL (end of life) way back in 2009. If anything, you should update for security purposes as well. This is actually at the core reason of us dropping the old TLS versions and is a mandate by Oracle Security. Our client's (and their client's) security is one of the most important things to us.
If you saw the recent bulletin, you got really lucky the date got pushed out to early August but I would not count on that going forward. I would get your code, certs, TLS, ciphers all updated ASAP so you do not encounter any interruptions to your business.
-
We have 9 Responsys accounts in interact2. As per the PDF document shard and mentioned in announcement emailer if our technical infrastructure is using TLS1.0 and hit this URL I2: login2t.responsys.net it should not return success notification right? But I'm able to get success response. Does that mean we this depreciation rollout will not affect our API calls even if our JDK is using TLS 1.0 protocol to hit Responsys APIs?
We have desktop applications which are built using JDK1.5 which is not supporting TLS 1.2. If we have to use TLS1.2 then we need to upgrade our entire JDK which is not possible. We need to find an alternate solution basis of your confirmation. Can you please revert?
Thanks
Thiyagu
As to why you are getting success... Are you sending as HTTP instead of HTTPS? You should not. Sending as HTTP, while you can do it, is highly discouraged. By doing so, you are sending all of your customer data unencrypted and could easily be sniffed and hacked by anybody with basic tools. The documentation states to use HTTPS to ensure secure encrypted communication of data.
-
As to why you are getting success... Are you sending as HTTP instead of HTTPS? You should not. Sending as HTTP, while you can do it, is highly discouraged. By doing so, you are sending all of your customer data unencrypted and could easily be sniffed and hacked by anybody with basic tools. The documentation states to use HTTPS to ensure secure encrypted communication of data.
Hi,
Thanks for your detailed input. We advised our tech team to upgrade their JDK and we are routing through TLS1.2 now.
Thanks for your support
Thanks
Thiyagu
-
Hi Amanda
a Poste a customer of mine has just received the email about Oracle Responsys TLS 1.1 deprecation in July.
Is this the first notice that was sent to customers or have there being earlier one?
Can it be delayed?
thanks
Mario