
Disabling TLS 1.0/1.1 for Logistics Cloud Service (Doc ID 2470895.1)

Last updated on DECEMBER 03, 2019

Applies to:

Oracle Transportation Management Cloud Service - Version 18 and later
Oracle Transportation Intelligence Cloud Service - Version 18 and later
Oracle Forwarding and Brokerage Operations Cloud Service - Version 18 and later
Oracle Logistics Inventory Visibility Cloud Service - Version 18 and later
Oracle Transportation Sourcing Cloud Service - Version 18 and later
Information in this document applies to any platform.

Details

In order to align with industry best practices for data security and integrity, the Logistics Cloud Service will be disabling the TLS 1.0/1.1 communication protocols.  This note provides all of the details about this initiative. 

Overview

What is TLS?

TLS stands for “Transport Layer Security”, which is the newer version of SSL (Secure Sockets Layer).  It is a protocol that provides data privacy and integrity for communication between computer systems.  It’s the most widely deployed security protocol, and is used by web browsers and other applications to securely exchange data over a network.  Through encryption and endpoint identity verification, TLS ensures that a connection is made to the intended remote system.  The versions of TLS, to date, are TLS 1.0, 1.1 and 1.2.

What is changing?

TLS versions 1.0 and 1.1 are now considered insecure.  When these protocols are disabled, connections will need to be made using TLS 1.2.

When is this change going to occur?

The Logistics Cloud Service will be disabling TLS 1.0/1.1 for all customer Stage, Production and Development environments as detailed in separate communications.  Stage will be disabled first to allow ample time for validation testing.

Actions

What do I need to do?

It is your responsibility to validate three broad scenarios that could be impacted by this change: internet browser access, inbound integration and outbound integration.  Please refer to the corresponding section below for details.

What should I do if I encounter a problem during testing?

It is your responsibility to ensure that your browsers/integration systems are compatible with TLS 1.2.  You may need to work with your vendors, partners, and service providers to upgrade to a supported browser version or with your middleware vendor to update your software to support TLS 1.2.  If you have exhausted these options and are still having issues, you can open a Service Request with Oracle Support seeking assistance.

Internet Browser Support

The Logistics Cloud Service supports the following browser versions.  As long as you are using a supported browser, no further action is required.  If you are not using a supported browser and you try to access a system where TLS 1.0/1.1 is disabled, you will receive a message like “Stronger security is required”.  Note:  it is important that you have vendors/partners/service providers validate their access once the Stage environment has been modified.

Minimum Product/Version      Product Website                            TLS 1.2 Support
Internet Explorer (IE) 11    Microsoft (http://www.microsoft.com)       Compatible with TLS 1.2 or higher by default.
Firefox 45.4esr              Mozilla (http://www.mozilla.org)           Compatible with TLS 1.2 or higher by default.
Google Chrome 53             Google (http://www.google.com/chrome)      Compatible with TLS 1.2 or higher by default.
Safari 9 and 10 (Mac OS)     Apple (http://www.apple.com)               Compatible with TLS 1.2 or higher by default.

Inbound Integration

Inbound Integration refers to any system-to-system communication which uses Logistics Cloud Data Integration APIs.  This includes Web Services, WMServlet, REST, and the Mobile Application.  The system calling these APIs (e.g., Order Management, Service Provider, Trading Partner, etc.) will need to support TLS 1.2.  Note:  It is common for these systems to communicate via a middleware solution (e.g., Oracle Integration Cloud Service).  It is your responsibility to test and possibly fix these integrations after TLS 1.0/1.1 has been disabled on Stage instances.  The compatibility of the sending system is dependent upon the programming language/version used to develop that system.  For instance, an Oracle Java 8 client is TLS 1.2 compatible by default.  With earlier versions of Java or other vendor implementations, it may be necessary to set some Java system properties.  In the case of middleware, Cloud or on-premise, please consult with your middleware vendor if you encounter issues.  Any changes made for the Stage instances will also need to be made to Production prior to the Production cutover in order to avoid any impact to your service.
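
One way to check a Java integration client ahead of the Stage change, as an added example that is not part of the original note or Oracle's code: it reports whether the JVM's default client settings include TLS 1.2, without opening a network connection.  The class name Tls12ClientCheck is hypothetical; https.protocols and jdk.tls.client.protocols are standard JDK system properties that the note itself does not name.

```java
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocket;
import java.util.Arrays;
import java.util.List;

// Added example (hypothetical class name): reports whether this JVM's default
// TLS client settings will offer TLS 1.2, without opening a network connection.
public class Tls12ClientCheck {

    enum Status { ENABLED_BY_DEFAULT, SUPPORTED_BUT_DISABLED, UNSUPPORTED }

    // Classify TLS 1.2 availability from a client socket's protocol lists.
    static Status classify(List<String> supported, List<String> enabled) {
        if (enabled.contains("TLSv1.2")) return Status.ENABLED_BY_DEFAULT;
        if (supported.contains("TLSv1.2")) return Status.SUPPORTED_BUT_DISABLED;
        return Status.UNSUPPORTED;
    }

    public static void main(String[] args) throws Exception {
        // An unconnected client socket exposes the JVM's client-side defaults.
        SSLSocket s = (SSLSocket) SSLContext.getDefault().getSocketFactory().createSocket();
        List<String> supported = Arrays.asList(s.getSupportedProtocols());
        List<String> enabled = Arrays.asList(s.getEnabledProtocols());
        s.close();

        // https.protocols only affects HttpsURLConnection; it can silently pin
        // an integration to an old protocol even when the JVM default is fine.
        String httpsProp = System.getProperty("https.protocols");

        System.out.println("java.version        = " + System.getProperty("java.version"));
        System.out.println("supported protocols = " + supported);
        System.out.println("enabled by default  = " + enabled);
        System.out.println("https.protocols     = " + httpsProp);

        Status status = classify(supported, enabled);
        if (status == Status.UNSUPPORTED) {
            System.out.println("FAIL: this runtime cannot speak TLS 1.2; upgrade the JVM.");
        } else if (status == Status.SUPPORTED_BUT_DISABLED) {
            System.out.println("WARN: TLS 1.2 is supported but not enabled by default. Start the");
            System.out.println("      client with -Dhttps.protocols=TLSv1.2 (HttpsURLConnection) or");
            System.out.println("      -Djdk.tls.client.protocols=TLSv1.2 where the JDK supports it.");
        } else if (httpsProp != null && !httpsProp.contains("TLSv1.2")) {
            System.out.println("WARN: https.protocols is set without TLSv1.2; HttpsURLConnection");
            System.out.println("      calls will fail once TLS 1.0/1.1 is disabled.");
        } else {
            System.out.println("OK: TLS 1.2 is enabled by default for client connections.");
        }
        System.exit(status == Status.ENABLED_BY_DEFAULT ? 0 : 1);
    }
}
```

Run it with the same JVM and launch flags as the integration client.  A value passed through -Djdk.tls.client.protocols shows up in the "enabled by default" line, while https.protocols is only echoed because it is applied by HttpsURLConnection rather than by the socket defaults.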

Please Note: With this change, the OTM/GTM public IP address associated with your pod/environment URLs will change. If you have opened specific firewall rules in the past, you should update these rules to include the new IP address; otherwise your inbound integrations may not work after we make the TLS change.

Data Center        Current IP (pre-TLS change)    New IP (post-TLS change)
Amsterdam (EM2)    160.34.24.99                   160.34.27.37
Amsterdam (EM2)    130.162.5.226                  130.162.5.227
Slough (EM3)       141.145.34.222                 141.145.35.50
Chicago (US2)      160.34.0.200                   160.34.1.241
Chicago (US2)      160.34.0.214                   160.34.1.242
Chicago (US2)      160.34.1.222                   160.34.1.242
Chicago (US2)      129.150.10.18                  129.150.10.19
Ashburn (US6)      129.152.32.4                   129.152.32.91
Ashburn (US6)      129.152.32.211                 129.152.32.91
Ashburn (US6)      129.158.4.113                  129.158.4.114

If you are unsure of your current IP address, you can locate it by using the following command: nslookup <pod-URL>.

Outbound Integration

We will disable TLS 1.0/1.1 for outbound integration separately from inbound integration.  Outbound TLS 1.0 was already disabled as part of your Release 18C upgrade.  Outbound TLS 1.1 will be disabled in a future upgrade.  We will also provide support for TLS 1.3 in a future release.  Please refer to posted product/release documentation for details.

Outbound Integration refers to any system-to-system communication where Logistics Cloud is sending data to another system.  Once outbound TLS 1.1 is disabled, the system being sent data will need to support TLS 1.2.  It is your responsibility to test and possibly fix these integrations after TLS 1.1 has been disabled on Stage instances.  The compatibility of the receiving system is dependent upon the programming language/version used to develop that system.  For instance, an Oracle Java 8 system is TLS 1.2 compatible by default.  With earlier versions of Java or other vendor implementations, it may be necessary to set some Java system properties.  In the case of middleware, Cloud or on-premise, please consult with your vendor if you encounter issues.  Any changes made for the Stage instances will also need to be made to Production prior to the Production cutover in order to avoid any impact to your service.
