My Oracle Support Banner

Disabling TLS 1.0/1.1 for Oracle CRM On Demand (Doc ID 2546031.1)

Last updated on OCTOBER 30, 2019

Applies to:

Oracle CRM On Demand - Version 031CS to 031CS [Release 31]
Information in this document applies to any platform.


In order to align with industry best practices for data security and integrity, Oracle CRM On Demand will be disabling the TLS 1.0/1.1 communication protocols. This note provides details about this initiative.


• What is TLS?
• What is changing?
• When is this change going to occur?
• What do I need to do?
• What should I do if I encounter a problem during testing?


What is TLS?

TLS stands for “Transport Layer Security”, which is the newer version of SSL (Secure Sockets Layer). It is a protocol that provides data privacy and integrity for communication between computer systems. It’s the most widely deployed security protocol and is used for web browsers and other applications to securely exchange data over a network. TLS ensures that a connection to a remote system is the intended system through encryption and endpoint identity verification. The versions of TLS to date are TLS 1.0, 1.1 and 1.2.


What is changing?

TLS versions 1.0 and 1.1 are now considered insecure. When these protocols are disabled, connections will need to be made using TLS 1.2.
When is this change going to occur?
Oracle CRM On Demand will be disabling TLS 1.0/1.1 for all customer Stage, Production and CTE environments as detailed in separate communications. Stage will be disabled first to allow ample time for validation testing.


What do I need to do?

It is your responsibility to validate two broad scenarios that could be impacted by this change. Please refer to the corresponding section for details.

• Internet Browser
• Inbound Integration


What should I do if I encounter a problem during testing?

It is your responsibility to ensure that your browsers/integration systems are compatible with TLS 1.2. You may need to work with your vendors, partners, and service providers to upgrade to a supported browser version or with your middleware vendor to update your software to support TLS 1.2. If you have exhausted these options and are still having issues, you can open a Service Request with Oracle Support seeking assistance.


Internet Browser Support

Oracle CRM On Demand supports the following browser versions. As long as you are using a supported browser, no further action is required. If you are not using a supported browser and you try to access a system where TLS 1.0/1.1 is disabled, you will receive a message like “Stronger security is required”. Note: It is important that you have vendors/partners/service providers validate their access once the Stage environment has been modified.


Minimum Product/Version Product Website TLS 1.2 Support
Internet Explorer (IE) 11 Microsoft
Compatible with TLS 1.2 or higher by default
Firefox 45.4esr Mozilla
Compatible with TLS 1.2 or higher by default.
Google Chrome 53 Google
Compatible with TLS 1.2 or higher by default.
Safari 9 and 10 (Mac OS) Apple
Compatible with TLS 1.2 or higher by default.


For a full list of supported browsers and operating systems, please refer to the System Requirements page on


Inbound Integration

Inbound Integration refers to any system-to-system communication which uses Oracle CRM On Demand Integration APIs. This includes Web Services, WMServlet, REST, and the Mobile Application. The system calling these APIs will need to support TLS 1.2. Note: It is common for these systems to communicate via a middleware solution. It is your responsibility to test and possibly fix these integrations after TLS 1.0/1.1 has been disabled on Stage instances. The compatibility of the sending system is dependent upon the programming language/version used to develop that system. For instance, an Oracle Java 8 client is TLS 1.2 compatible by default. With earlier versions of Java or other vendor implementations, it may be necessary to set some Java system properties. In the case of middleware, Cloud or on-premise, please consult with your middleware vendor if you encounter issues. Any changes made for the Stage instances, will also need to be made to Production prior to the Production cutover in order to avoid any impact to your service.



To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!

In this Document

My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.