Using SQL*Net Native Encryption with Direct TCP/IP
-
- Posts: 7
- Joined: Wed 26 Nov 2014 10:02
Using SQL*Net Native Encryption with Direct TCP/IP
Our customer wants to introduce SQL*Net native encryption by setting SQLNET.ORA server parameters
* SQLNET.ENCRYPTION_SERVER =ACCEPTED
* SQLNET.ENCRYPTION_TYPES_SERVER = AES256
How can we use this with ODAC and a direct TCP/IP connection?
* SQLNET.ENCRYPTION_SERVER =ACCEPTED
* SQLNET.ENCRYPTION_TYPES_SERVER = AES256
How can we use this with ODAC and a direct TCP/IP connection?
Re: Using SQL*Net Native Encryption with Direct TCP/IP
The process of using direct secure connection is described in detail in the documentation :
https://www.devart.com/odac/docs/ssl.htm
https://www.devart.com/odac/docs/ssl.htm
-
- Posts: 7
- Joined: Wed 26 Nov 2014 10:02
Re: Using SQL*Net Native Encryption with Direct TCP/IP
The documentation you are referring to describes a manual setup using either an Oracle wallet or a certificate.
My question is regarding native encryption. When using either Oracle SQL*net or Oracle JDBC driver I only have to set two parameters in SQLNet.ora or JDBC configuration:
* SQLNET.ENCRYPTION_SERVER =ACCEPTED
* SQLNET.ENCRYPTION_TYPES_SERVER = AES256
I don't have to bother with wallets or certificates, everything is managed automatically by Oracle.
Our customers are asking if this can be used together with direct TCP/IP.
My question is regarding native encryption. When using either Oracle SQL*net or Oracle JDBC driver I only have to set two parameters in SQLNet.ora or JDBC configuration:
* SQLNET.ENCRYPTION_SERVER =ACCEPTED
* SQLNET.ENCRYPTION_TYPES_SERVER = AES256
I don't have to bother with wallets or certificates, everything is managed automatically by Oracle.
Our customers are asking if this can be used together with direct TCP/IP.
Re: Using SQL*Net Native Encryption with Direct TCP/IP
Thanks for the clarifications!
You can try using Direct Mode to work with the given parameters. Please note that the OraNet.EncryptionLevel variable is responsible for using the SQLNET.ENCRYPTION_SERVER parameter in our components (the default value is slAccepted).
The encryption algorithm used by the client (analogous to SQLNET.ENCRYPTION_TYPES_SERVER) will be detected by our components automatically when trying to connect to the database server.
Feel free to contact us any time in case of any questions!
You can try using Direct Mode to work with the given parameters. Please note that the OraNet.EncryptionLevel variable is responsible for using the SQLNET.ENCRYPTION_SERVER parameter in our components (the default value is slAccepted).
The encryption algorithm used by the client (analogous to SQLNET.ENCRYPTION_TYPES_SERVER) will be detected by our components automatically when trying to connect to the database server.
Feel free to contact us any time in case of any questions!
-
- Posts: 56
- Joined: Mon 08 Nov 2004 19:01
- Location: Germany
Re: Using SQL*Net Native Encryption with Direct TCP/IP
Thank you,
When enforcing required encryption
it works fine with direct TCP/IP.
Unfortunately, an encryption request such as
doesn't work in conjunction with the following sqlnet server settings:
I was checking
and for my session no network service adapter for encryption is listed.
When using similar SqlNet settings, the adapter is listed:
Can you please check this?
When enforcing required encryption
Code: Select all
OraNet.EncryptionLevel := slRequired;
Unfortunately, an encryption request such as
Code: Select all
OraNet.EncryptionLevel := slRequested;
OraNet.DataIntegrityLevel := slRequested;
Code: Select all
SQLNET.ENCRYPTION_SERVER=ACCEPTED
SQLNET.ENCRYPTION_TYPES_SERVER=(AES256)
SQLNET.CRYPTO_CHECKSUM_SERVER=ACCEPTED
SQLNET.CRYPTO_CHECKSUM_TYPES_SERVER=(SHA256)
Code: Select all
SELECT NETWORK_SERVICE_BANNER from from v$session_connect_info
When using similar SqlNet settings, the adapter is listed:
Code: Select all
SQLNET.ENCRYPTION_CLIENT=REQUESTED
SQLNET.ENCRYPTION_TYPES_CLIENT=(AES256)
SQLNET.CRYPTO_CHECKSUM_CLIENT=REQUESTED
SQLNET.CRYPTO_CHECKSUM_TYPES_CLIENT=(SHA256)
Re: Using SQL*Net Native Encryption with Direct TCP/IP
Thank you for the information. We will investigate the described issue and let you know the results shortly.
-
- Posts: 56
- Joined: Mon 08 Nov 2004 19:01
- Location: Germany
Re: Using SQL*Net Native Encryption with Direct TCP/IP
Hasn't this been fixed in ODAC 12.0.2?
I am just wondering release notes do not mention.
I am just wondering release notes do not mention.
Re: Using SQL*Net Native Encryption with Direct TCP/IP
No, it wasn't fixed in ODAC 12.0.2. We are working on the necessary changes.