Transport layer protection
If your client is calling the InForm User Management Interface web service that is hosted by Oracle, you must use Transport Layer Security (TLS) 1.2 or above to avoid man-in-the-middle attacks.
Web client developers should enforce encrypted data transport when the application transports sensitive data, and should validate that all certificates are legitimate and signed by public authorities.
Ciphers should be restricted to modern implementations.