How to enable TLS 1.2 for Siebel Outbound HTTP/SSL interfaces that use the "EAI HTTP Transport" on Windows?
(Doc ID 2104778.1)
Last updated on FEBRUARY 23, 2021
Applies to:Siebel CRM - Version 8.0  and later
For Unix/Linux and Siebel 16 and higher see: How To Configure Java Web Container (Tomcat) To Use TLS 1.2 For Siebel Outbound Web Services That Uses OUTBOUNDSHA2 Named Subsystem (Doc ID 2321673.1)
For Unix/Linux and Siebel 15 and earlier only TLS 1.1 and certificates signed with SHA1 algorithm are supported. See: Mandatory steps to enable TLS for EAI HTTP Transport on Unix when mainwin fix is applied. (Doc ID 1957412.1)
The note outlines settings one has to perform / verify for the Windows Server OS of Siebel CRM Application Server so one can use TLS 1.2 handshake protocol in HTTP/SSL of Siebel Outbound Interfaces (such as SOAP Web Services).
The Siebel Outbound HTTP interfaces usually use the "EAI HTTP Transport" standard transport Business Service (BS) to perform HTTP and HTTP/SSL exchange with external system.
This transport BS uses the HTTP/SSL stack provided by system libraries of the Microsoft Windows (MS WinInet API, MS Crypto etc).
These libraries needs some OS Windows settings to explicitly enable the TLS 1.2 modern securest handshake protocol for outbound HTTP/SSL connections to external web sites.
This note outlines the changes.
NOTE: these discussed features are not related to the Oracle Siebel CRM product but are specific to the 3rd party product: the Microsoft Windows Server OS.
To view full details, sign in with your My Oracle Support account.
Don't have a My Oracle Support account? Click to get started!
In this Document