About Using Transport Layer Security with Siebel CRM

It is strongly recommended that you implement Transport Layer Security (TLS) encryption for all of the following services and communication paths in a Siebel CRM implementation:

Note:

The use of Secure S ockets Layer (SSL) v3.0 encryption for environments with security requirements is not supported by Oracle for Siebel CRM as a result of security vulnerabilities discovered in the design of SSL v3.0.

For communications between Siebel Web server and Siebel Web Client.
For communications between Siebel Server and the Web server.
For encryption of SISNAPI communications between Siebel Enterprise components, for example, communications between the Siebel Server to Siebel Web server (SWSE), or between Siebel Servers.
For communications between an LDAP or ADSI security adapter and a directory server.
For communications using the Siebel Business Applications external interfaces (EAI), which use Web services to send and receive messages over HTTP.
For communications between Siebel Server and an email server, including encryption for SMTP, IMAP, and POP3 sessions between Siebel Server and an email server.

For more information, see Chapter 3, "Securing the Network and Infrastructure" which includes information about the following:

For additional information, see Siebel Security Guide which includes information about communications and data encryption, security adapter authentication, and SWSE security features. For more information on the support for TLS encryption provided by Siebel CRM, see 1944467.1 (Article ID) on My Oracle Support.

Note:

To ensure that you are using the highest level of security, download and install the latest Innovation Pack and patchset release to enable the highest level of security and obtain the latest security-related patches. For more information on this, see Siebel Installation Guide for the operating system you are using and Siebel Patchset Installation Guide for Siebel CRM (1614310.1 Article ID on My Oracle Support).