Using Transport Layer Security with Siebel CRM

It is strongly recommended that you implement Transport Layer Security (TLS) encryption for all of the following services and communication paths in a Siebel CRM implementation:

Note: The use of Secure Sockets Layer (SSL) v3.0 encryption for environments with security requirements is not supported by Oracle for Siebel CRM as a result of security vulnerabilities discovered in the design of SSL v3.0.

• For communications between Siebel Web server and Siebel Web Client.

• For communications between Siebel Server and the Web server.

• For encryption of communications between Siebel Enterprise components, for example, communications between the Siebel Server to Siebel Web server (Siebel Application Interface), or between Siebel Servers.

• For communications between an LDAP security adapter and a directory server.

• For communications using Siebel CRM external interfaces (EAI), which use Web services to send and receive messages over HTTP.

• For communications between Siebel Server and an email server, including encryption for SMTP, IMAP, and POP3 sessions between Siebel Server and an email server.

For more information about configuring security in Siebel CRM, see Roadmap for Configuring Security.

Note: To ensure that you are using the highest level of security, download and install the current Siebel CRM Update release to enable the highest level of security and obtain the latest security-related patches. For more information about installing the current Siebel CRM Update release and about Siebel release types, see Siebel Installation Guide for the operating system you are using. For more information about installing Siebel Patchset releases, including new features, see Siebel CRM Update Guide and Release Notes on My Oracle Support, 23824315.1 (Article ID), for each applicable release.