Maxymiser Security Update re: TLS Ciphers

Mark Grannan-Oracle, Outbound Product Management, Oracle Infinity and Maxymiser
edited May 2, 2022 2:15PM in Infinity & Maxymiser

Summary: 

As part of Oracle security best practices, we’re updating our requirements on TLS ciphers and will soon deprecate a list of weak TLS ciphers. Oracle Maxymiser customers should ensure that their website supports at least one strong cipher by January 14, 2022.

Oracle Maxymiser uses TLS broadly; however, this specific change affects usage of Campaign Designer only. Disabling weak TLS ciphers will prevent customers from using Campaign Designer if their websites do not support any of the strong ciphers in our list.

Background: 

A TLS cipher suite is a set of cryptographic algorithms that help secure network connections. TLS is widely used in web browsing (HTTPS), email, and various other means of communication over the internet. You can learn more about TLS here: https://www.ssllabs.com/projects/best-practices/index.html.

By not allowing vulnerable ciphers, we protect our customers from potential hacker attacks that could lead to data loss/theft or other types of damage. Please note that this is an industry-wide initiative, and we expect all major optimization and analytics vendors, as well as customers, to implement similar changes on their applications.

The information below contains necessary details and lists required actions to support our customers with this change.

Strong TLS Ciphers list:

Here is a full list of TLS ciphers to be used in our products:

Specific ciphers for TLS 1.2

  • TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
  • TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
  • TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
  • TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
  • TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 (DH 2048 bits)
  • TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 (DH 2048 bits)

Customer and Campaign Impact:

Customer websites not using at least one of the supported ciphers will not be able to use Campaign Designer. 

Timing:

The impact outlined above will take place on or after Friday, January 14, 2022. Please note the action items below in preparation for this change.

Required Actions:

Make sure your website uses at least one TLS cipher from the Strong TLS Ciphers list. You can check your website's TLS cipher configuration on this Qualys site: https://www.ssllabs.com/ssltest/index.html.

Post edited by Wilson Zhu-Oracle on
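
For a local check alongside the Qualys test, the following added example (not part of the original post and not Oracle code) offers each suite from the strong list to your own site, one at a time, over TLS 1.2 and reports which ones the server accepts. The function names are assumptions made for this sketch, and the hostname is supplied on the command line.

```python
import socket
import ssl
import sys

# Strong TLS 1.2 suites exactly as listed in the post (IANA names).
STRONG_IANA = [
    "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384",
    "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
    "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
    "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
    "TLS_DHE_RSA_WITH_AES_256_GCM_SHA384",
    "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256",
]

def iana_to_openssl(name):
    """Convert an IANA AES-GCM suite name to the OpenSSL name Python's ssl module uses."""
    kx_auth, bulk = name[len("TLS_"):].split("_WITH_")
    return (kx_auth + "-" + bulk.replace("AES_", "AES")).replace("_", "-")

def offers_cipher(host, openssl_name, port=443, timeout=5.0):
    """True if the server completes a TLS 1.2 handshake when offered only this suite."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    # Only cipher negotiation is probed and no application data is sent, so a
    # certificate problem must not be misread as "cipher unsupported".
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    ctx.minimum_version = ctx.maximum_version = ssl.TLSVersion.TLSv1_2
    ctx.set_ciphers(openssl_name)  # raises ssl.SSLError if the local OpenSSL lacks the suite
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            with ctx.wrap_socket(sock, server_hostname=host) as tls:
                return tls.cipher()[0] == openssl_name
    except OSError:  # ssl.SSLError is a subclass: handshake failure or no connection
        return False

def verdict(results):
    """results maps IANA name -> bool. Returns (meets_requirement, supported_names)."""
    supported = [n for n in STRONG_IANA if results.get(n)]
    return bool(supported), supported

def check_site(host, port=443):
    # Not checked here: the DH group size (the list requires 2048 bits for DHE suites).
    return verdict({n: offers_cipher(host, iana_to_openssl(n), port) for n in STRONG_IANA})

if __name__ == "__main__":
    ok, names = check_site(sys.argv[1])  # hostname of your own site
    print("PASS" if ok else "FAIL", names)
```

A PASS means at least one listed suite was negotiated; for the two DHE suites, confirm the 2048-bit DH parameter size separately, for example in the Qualys report.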