Oracle Payments: Changes Required for TLS Instead of SSL (To Avoid POODLE Vulnerability)
Last updated on FEBRUARY 20, 2018
Applies to:Oracle Payments - Version 12.0.6 to 12.1.3 [Release 12.0 to 12.1]
Information in this document applies to any platform.
Our Payment System Provider (PSP) has reported that we are using SSL instead of TLS and hence are exposed to the POODLE vulnerability. The PSP are disabling SSL and hence we need to amend Oracle Payments setup to use TLS instead of SSL.
We currently use the standard Oracle Payments setup, where we have created a transmission configuration using the protocol HTTP(s) Post request. The destination URL for the transmission configuration is formatted like this:
What changes are needed in Oracle Payments?
Our 3rd party payment system provider is ePDQ Barclaycard.
Sign In with your My Oracle Support account
Don't have a My Oracle Support account? Click to get started
Million Knowledge Articles and hundreds of Community platforms