Overview
Beginning in Oracle 22D, an external email server that meets our supported TLS protocol standards can be set up for outgoing email. The following emails are supported by external email services within Oracle CPQ:
- New User Creation Email
- Partner Organization Creation Email
- Forgot Password Email
- Update Favorites List
- Bulk Upload Email
- Scheduled Data Table Export Email
- Commerce Process Reporting Scheduled Email
- Broadcast Email
- Commerce Step Transition Email
All other outgoing emails other than those listed above will go through the Oracle CPQ email server.
OSSA TLS Compliance
Oracle CPQ requires external email servers to be compliant with the following OSSA TLS standards.
-
Supported SMTP protocols: SMTPS, SMTP + mandatory STARTTLS
-
Supported Certificates: EC, RSA, DSS
-
Supported Authentication: LOGIN
-
TLS Protocols Supported: TLS 1.3, TLS 1.2
TLS 1.3 Ciphersuites:
- TLS_AES_128_GCM_SHA256
- TLS_AES_256_GCM_SHA384
TLS 1.2 EC Ciphersuites:
- TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
- TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
TLS 1.2 RSA Ciphersuites:
- TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
- TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
- TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
- TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
TLS 1.2 DSS Ciphersuites:
- TLS_DHE_DSS_WITH_AES_256_GCM_SHA384
- TLS_DHE_DSS_WITH_AES_128_GCM_SHA256
- As a best practice, we recommend using SMTPS protocol. When using the SMTP protocol, STARTTLS is mandatory for communication encryption. If the server declines TLS encryption, we will immediately close the connection and no mail will be sent.
- Oracle CPQ assumes that certificates are properly signed with Certificate Authority (CA) and kept up to date. Oracle CPQ performs extra checks per RFC 2595 (Section 2.4. Server Identity Check) to avoid security issues.
- Only LOGIN authentication is supported per RFC 2554.
- Changes to default unit settings take effect immediately in deployed conversion classes.
- Oracle CPQ currently supports TLS 1.2 and 1.3. TLS 1.2 support will be removed at a future date, currently January 2024.
Administration
Log a service request on My Oracle Support to set up an external email server.
See Also
