Discussions

Eloqua Product Notice: Supported Cipher Suite Changes (2021)

JodyMooney-Oracle
JodyMooney-Oracle Product Management, EloquaPosts: 349 Employee
edited Sep 7, 2021 5:17PM in Developer Tools

July 13, 2021: Updated with additional supporting info and context.

August 6, 2021: The two new Cipher suite were added August 1, 2021 as expected and the product notice was updated accordingly. Also, we added a note re: Testing - if you need a testing platform to test, please contact Oracle Cloud Support.

Overview

Oracle will be modifying its supported cipher suites used for Transport Layer Security (TLS) connections to Eloqua. This includes programmatic access to Eloqua via APIs. Two additional Ciphers were added on August 1, 2021 and weak Ciphers will be removed on October 1, 2021, providing customers with a 2 month window for testing in between. If you need a testing platform to test, please contact Oracle Cloud Support.

 

What’s changing?

Effective October 1, 2021 , support for the following cipher suites will be removed:

  • TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
  • TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256

These two cipher suites were previously removed in November 2020 but then were reinstated after discovering this left no supported ciphers for Windows Server 2012 R2.

In order to continue supporting Windows Server 2012 R2, the following two cipher suites that are supported by Windows Server 2012 R2 were added on August 1, 2021:

  • TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
  • TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256

The additional following cipher suites will remain supported:

  • TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
  • TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
  • TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256

Starting October 1, 2021, please ensure at least one of the following ciphers are supported for an application accessing Eloqua:

  • TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
  • TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
  • TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
  • TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
  • TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
  • TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 
  • TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 
  • TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 

Verify that all applications accessing Eloqua, including custom apps, support at least one of these ciphers. If none of these ciphers are supported for an application accessing Eloqua, access will not be possible.

Please note that this is only planned for login.eloqua.com and secure.p0X.eloqua.com – Landing Pages, Application, Tracking, and Image domains are not part of this change.

  

Timeline

Oracle will be modifying its supported cipher suites used for Transport Layer Security (TLS) connections to Eloqua. Two additional Ciphers were added on August 1, 2021 and two weak Ciphers will be removed on October 1, 2021, providing 2 months window for testing. If you need a testing platform to test, please contact Oracle Cloud Support.

 

Next Steps

All access to Eloqua using a secure connection must support one of the following cipher suites:

  • TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
  • TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
  • TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
  • TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
  • TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 
  • TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 
  • TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256
  • TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384

Verify that all applications accessing Eloqua, including custom apps, support at least one of these ciphers. If none of these ciphers are supported for an application accessing Eloqua, access will not be possible.

There are several publicly available tools to test available cipher suites for a given application. If you need a testing platform to test, please contact Oracle Cloud Support. Also note that all web browser versions supported by Eloqua will not be affected by this change. Information on cipher suites for Microsoft Operating systems can be found here: https://msdn.microsoft.com/en-us/library/windows/desktop/aa374757%28v=vs.85%29.aspx.

 

Additional Resources

If you have questions or need support to test connection before removing Ciphers, post your comments here or create a new discussion on Code It!

 

FAQ

Q: Why are these ciphers being deprecated?

A: Oracle wants to provide the most secure applications. After deprecation of the cipher suites listed in this announcement, the remaining supported cipher suites are considered to be the most commonly used and secure ciphers.

 

Q: How can I verify if my applications will still work properly after deprecation?

A: There are several public and free SSL testing/reporting suites available. Also, documentation for web browsers and application programming interfaces (APIs) typically highlight supported cipher suites. If you need a testing platform to test, please contact Oracle Cloud Support.

 

Group Product Manager, CX - Marketing: Eloqua

Post edited by JodyMooney-Oracle on