UTL_HTTP, SSLv3, TLSv1 and POODLE

With the recent publicity about the POODLE bug, many web masters are turning off SSLv3 support. Depending on your Oracle database version/patch, that can present a bit of a problem for people using UTL_HTTP to access HTTPS resources, as described here.

  • UTL_HTTP Package Fails With ORA-29273 ORA-28860 When Using TLSv1 (Doc ID 727118.1) : Basically, older database releases only allow HTTPS using the SSLv3 protocol from UTL_HTTP. If you want to use the TLSv1 protocol you need to make sure you are on a patched up version of 11.2.

Interestingly, if you upgrade to Oracle 12c, you might have problems in the other direction, since Oracle 12c prevents UTL_HTTP calls over HTTPS to anything older than TLSv1.2, as described here.

So you might have trouble accessing legacy systems, without reverting to HTTP…

Fun, fun, fun…

Cheers

Tim…

Author: Tim...

DBA, Developer, Author, Trainer.

One thought on “UTL_HTTP, SSLv3, TLSv1 and POODLE”

Comments are closed.