Oracle Payments: Changes Required for TLS Instead of SSL (To Avoid POODLE Vulnerability)

(Doc ID 1960928.1)

Last updated on OCTOBER 27, 2017

Applies to:

Oracle Payments - Version 12.0.6 to 12.1.3 [Release 12.0 to 12.1]
Information in this document applies to any platform.

Goal

Our Payment System Provider (PSP) has reported that we are using SSL instead of TLS and hence are exposed to the POODLE vulnerability. The PSP are disabling SSL and hence we need to amend Oracle Payments setup to use TLS instead of SSL.

We currently use the standard Oracle Payments setup, where we have created a transmission configuration using the protocol HTTP(s) Post request. The destination URL for the transmission configuration is formatted like this:

https://host.domain/orderdirect.asp

What changes are needed in Oracle Payments?

Our 3rd party payment system provider is ePDQ Barclaycard.

Solution

Sign In with your My Oracle Support account

Don't have a My Oracle Support account? Click to get started

My Oracle Support provides customers with access to over a
Million Knowledge Articles and hundreds of Community platforms