    TLS 1.0 Announcement - Informing Your End Users
    Topic posted September 29, 2016 by Willie Eide, last edited February 21, 2017

    Announcement:

    With the upcoming disablement of the TLS 1.0 protocol for Oracle Service Cloud (see CX Answer https://cx.rightnow.com/app/answers/detail/a_id/8576), your end users may, depending on their browser, receive an error message stating that the browser they are currently using needs to support at least TLS 1.1.



    This, in the very basic form, would be confusing to most end users especially during a time when they are accessing your support site for a means to solve a particular issue. If your end users do not upgrade their browser, they will not be able to access your customer portal pages.



    The code snippet below works for CPv3 users. We are currently looking at solutions for CPv2 users.



    Therefore, the Customer Portal development team proposes that starting immediately, you modify customer/development/views/templates/standard.php and place this code snippet (found below) at the bottom of the template file. This is needed in order to proactively address this situation before it becomes an issue.



     



    DISCLAIMER: THE CODE SNIPPET IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED. THIS CODE IS NOT SUPPORTED BY ORACLE WHEREAS TECHNICAL SUPPORT IS NOT RESPONSIBLE FOR ENSURING IT WORKS ON YOUR MACHINE.



     



    Background:

    The TLS 1.0 protocol is known to be vulnerable to attacks and is widely considered to be an obsolete encryption method. Aside from Oracle, the Payment Card Industry Security Standards Council (PCI SSC) and the National Institute of Standards and Technology (NIST) recommend transitioning from SSL and TLS 1.0 to a secure version of TLS (currently v1.1 or higher).



    Additional information about TLS can be found under the "General Product Discussion" forum at https://cloudcustomerconnect.oracle.com/posts/302950cd55



    Support for TLS protocol version 1.0 will be disabled in the Oracle Service Cloud production environments on the following dates:

    - PCI Environment: on January 31st, 2017.

    - Non PCI Environment: on May 2 - June 20th, 2017*.



    *TLS 1.0 will be shut down in Non PCI environments on a phased approach starting May 2nd and ending on June 20th, 2017.  All Customer Administrators will be individually notified on the specific date when their site(s) will be disabled from TLS 1.0 protocol.

    Version:
    All versions of Customer Portal
    Code Snippet:

    Comment

    • Saravanan Sekar

      Hi All!

      In Agent Desktop, I have used custom JavaScript code under the file manager. The code is working fine.

      But I am facing a TLS issue in the custom PHP script.

      Does anyone have experience in this area?

      Any help will be useful.

      Thanks,

      Saravanan

    • csmith

      Just wanted to add a tidbit: we were getting the YUI undefined issue and we are on CP3.3. We use jQuery, so I whipped this up real quick and it seems to work fine. I'm also not concerned by the dev tab, so I left that out.

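      // Ask howsmyssl.com which TLS version this browser negotiated and warn below TLS 1.1.
      $(function() {
          $.getJSON("//www.howsmyssl.com/a/check")
              .done(function(json) {
                  // tls_version looks like "TLS 1.2"; compare its numeric part as a number.
                  var version = json && json.tls_version ? parseFloat(json.tls_version.split(' ')[1]) : NaN;
                  if (version < 1.1) {
                      $('<div id="oldtlswarning" style="background:rgba(0, 0, 0, 0) none repeat scroll 0 0;color:red;text-align:center;top:0">'
                      + 'Your browser lacks certain basic security requirements, You should upgrade your browser to the latest version.'
                      + '</div>').prependTo('body');
                  }
              });
      });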
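
The check described in this thread, as an added example that is not part of any comment above and is not Oracle's snippet: a dependency-free version (no YUI or jQuery) that parses the reported protocol string explicitly and fails quiet when the answer is unclear. The function names, the `MIN_TLS` constant, the warning wording and the handling of "SSL"-prefixed strings are assumptions made for this example.

```javascript
// Added example: decision logic kept separate from the DOM so it can be tested.
// Assumption: the checker returns tls_version strings shaped like "TLS 1.2";
// "SSL 3.0"-style and malformed values are handled defensively.
var MIN_TLS = { major: 1, minor: 1 }; // minimum named in the announcement

// Parse "TLS 1.2" or "SSL 3.0" into its parts; null when unrecognised.
function parseProtocol(text) {
    var m = /^\s*(TLS|SSL)\s*v?(\d+)(?:\.(\d+))?\s*$/i.exec(String(text == null ? '' : text));
    if (!m) { return null; }
    return { family: m[1].toUpperCase(), major: Number(m[2]), minor: Number(m[3] || 0) };
}

// 'upgrade' = below the minimum, 'ok' = meets it, 'unknown' = could not tell.
function classifyTls(text, min) {
    min = min || MIN_TLS;
    var p = parseProtocol(text);
    if (!p) { return 'unknown'; }
    // Every SSL version predates TLS 1.0, so "SSL 3.0" must not pass as 3.0 >= 1.1.
    if (p.family === 'SSL') { return 'upgrade'; }
    if (p.major !== min.major) { return p.major < min.major ? 'upgrade' : 'ok'; }
    return p.minor < min.minor ? 'upgrade' : 'ok';
}

// Browser wiring with XMLHttpRequest and ES5 syntax only, because the browsers
// that need the warning are old. Warn only on a definite 'upgrade' so a failed
// or odd response from the checker never alarms users of current browsers.
function warnIfOldTls(checkUrl) {
    var xhr = new XMLHttpRequest();
    xhr.open('GET', checkUrl, true);
    xhr.onreadystatechange = function () {
        if (xhr.readyState !== 4 || xhr.status !== 200) { return; }
        var version;
        try { version = JSON.parse(xhr.responseText).tls_version; } catch (e) { return; }
        if (classifyTls(version) !== 'upgrade') { return; }
        var div = document.createElement('div');
        div.id = 'oldtlswarning';
        div.style.cssText = 'color:red;text-align:center';
        div.appendChild(document.createTextNode(
            'Your browser does not support TLS 1.1 or higher. Please upgrade it to the latest version.'));
        document.body.insertBefore(div, document.body.firstChild);
    };
    xhr.send();
}

// Runs only in a browser; place the script at the bottom of the page template.
if (typeof document !== 'undefined') {
    warnIfOldTls('https://www.howsmyssl.com/a/check');
}
```

The warning text is inserted as a text node, so nothing taken from the checker's response is ever interpreted as HTML.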