Discussions

Responsys Bulletin: TLS 1.0-1.1 Deprecation FAQ

Amanda Onate-Oracle
Amanda Onate-Oracle Principal Product Manager, Oracle ResponsysPosts: 335 Employee
edited May 2, 2022 6:13AM in Responsys
Post edited by OIT Integration User on

Comments

  • Hi,

    We are on the RI6 SOAP library 6.20.

    Is anything we need to do in code or on the machine where the code runs to ensure it is a TLS 1.2 connection?

    Thanks.

  • Jacob Halstead-Oracle
    Jacob Halstead-Oracle Senior Account Manager Posts: 3 Employee

    Hi Amanda,

    My client Levi's was concerned that they did not hear about this change till last week. Can these types of changes be hosted in the Oracle Responsys System Maintenance Calendar? That calendar has much more visibility than the Responsys Insiders blog thread.

    Thank you,

    Jacob Halstead

  • Thiyagu ATR
    Thiyagu ATR DubaiPosts: 33 Green Ribbon

    @ Amanda Onate-Oracle ,

    We have 9 Responsys accounts in interact2. As per the PDF document shard and mentioned in announcement emailer if our technical infrastructure is using TLS1.0 and hit this URL I2: login2t.responsys.net  it should not return success notification right? But I'm able to get success response. Does that mean we this depreciation rollout will not affect our API calls even if our JDK is using TLS 1.0 protocol to hit Responsys APIs?

    We have desktop applications which are built using JDK1.5 which is not supporting TLS 1.2. If we have to use TLS1.2 then we need to upgrade our entire JDK which is not possible. We need to find an alternate solution basis of your confirmation. Can you please revert?

    Thanks

    Thiyagu

  • @ Amanda Onate-Oracle ,

    We have 9 Responsys accounts in interact2. As per the PDF document shard and mentioned in announcement emailer if our technical infrastructure is using TLS1.0 and hit this URL I2: login2t.responsys.net  it should not return success notification right? But I'm able to get success response. Does that mean we this depreciation rollout will not affect our API calls even if our JDK is using TLS 1.0 protocol to hit Responsys APIs?

    We have desktop applications which are built using JDK1.5 which is not supporting TLS 1.2. If we have to use TLS1.2 then we need to upgrade our entire JDK which is not possible. We need to find an alternate solution basis of your confirmation. Can you please revert?

    Thanks

    Thiyagu

    Hi Thiyagu,

    You really need to update your SDK version.  J2SE 1.5 was EOL (end of life) way back in 2009.  If anything, you should update for security purposes as well.  This is actually at the core reason of us dropping the old TLS versions and is a mandate by Oracle Security.  Our client's (and their client's) security is one of the most important things to us.

    If you saw the recent bulletin, you got really lucky the date got pushed out to early August but I would not count on that going forward.  I would get your code, certs, TLS, ciphers all updated ASAP so you do not encounter any interruptions to your business.

  • @ Amanda Onate-Oracle ,

    We have 9 Responsys accounts in interact2. As per the PDF document shard and mentioned in announcement emailer if our technical infrastructure is using TLS1.0 and hit this URL I2: login2t.responsys.net  it should not return success notification right? But I'm able to get success response. Does that mean we this depreciation rollout will not affect our API calls even if our JDK is using TLS 1.0 protocol to hit Responsys APIs?

    We have desktop applications which are built using JDK1.5 which is not supporting TLS 1.2. If we have to use TLS1.2 then we need to upgrade our entire JDK which is not possible. We need to find an alternate solution basis of your confirmation. Can you please revert?

    Thanks

    Thiyagu

    As to why you are getting success...  Are you sending as HTTP instead of HTTPS?  You should not.  Sending as HTTP, while you can do it, is highly discouraged.  By doing so, you are sending all of your customer data unencrypted and could easily be sniffed and hacked by anybody with basic tools.  The documentation states to use HTTPS to ensure secure encrypted communication of data.

  • Thiyagu ATR
    Thiyagu ATR DubaiPosts: 33 Green Ribbon

    As to why you are getting success...  Are you sending as HTTP instead of HTTPS?  You should not.  Sending as HTTP, while you can do it, is highly discouraged.  By doing so, you are sending all of your customer data unencrypted and could easily be sniffed and hacked by anybody with basic tools.  The documentation states to use HTTPS to ensure secure encrypted communication of data.

    Hi,

    Thanks for your detailed input. We advised our tech team to upgrade their JDK and we are routing through TLS1.2 now.

    Thanks for your support

    Thanks

    Thiyagu

  • Hi Amanda

    a Poste a customer of mine has just received the email about Oracle Responsys TLS 1.1 deprecation in July.

    Is this the first notice that was sent to customers or have there being earlier one?

    Can it be delayed?


    thanks

    Mario