Using SQL*Net Native Encryption with Direct TCP/IP

Discussion of open issues, suggestions and bugs regarding ODAC (Oracle Data Access Components) for Delphi, C++Builder, Lazarus (and FPC)
holger_nis
Posts: 7
Joined: Wed 26 Nov 2014 10:02

Using SQL*Net Native Encryption with Direct TCP/IP

Post by holger_nis » Wed 22 Sep 2021 08:43

Our customer wants to introduce SQL*Net native encryption by setting SQLNET.ORA server parameters
* SQLNET.ENCRYPTION_SERVER =ACCEPTED
* SQLNET.ENCRYPTION_TYPES_SERVER = AES256

How can we use this with ODAC and a direct TCP/IP connection?

MaximG
Devart Team
Posts: 1822
Joined: Mon 06 Jul 2015 11:34

Re: Using SQL*Net Native Encryption with Direct TCP/IP

Post by MaximG » Wed 22 Sep 2021 11:39

The process of using a direct secure connection is described in detail in the documentation:

https://www.devart.com/odac/docs/ssl.htm

holger_nis
Posts: 7
Joined: Wed 26 Nov 2014 10:02

Re: Using SQL*Net Native Encryption with Direct TCP/IP

Post by holger_nis » Thu 23 Sep 2021 07:10

The documentation you are referring to describes a manual setup using either an Oracle wallet or a certificate.
My question is regarding native encryption. When using either Oracle SQL*net or Oracle JDBC driver I only have to set two parameters in SQLNet.ora or JDBC configuration:
* SQLNET.ENCRYPTION_SERVER =ACCEPTED
* SQLNET.ENCRYPTION_TYPES_SERVER = AES256
I don't have to bother with wallets or certificates, everything is managed automatically by Oracle.
Our customers are asking if this can be used together with direct TCP/IP.

MaximG
Devart Team
Posts: 1822
Joined: Mon 06 Jul 2015 11:34

Re: Using SQL*Net Native Encryption with Direct TCP/IP

Post by MaximG » Mon 27 Sep 2021 12:25

Thanks for the clarifications!
You can try using Direct Mode to work with the given parameters. Please note that the OraNet.EncryptionLevel variable is responsible for using the SQLNET.ENCRYPTION_SERVER parameter in our components (the default value is slAccepted).
The encryption algorithm used by the client (analogous to SQLNET.ENCRYPTION_TYPES_SERVER) will be detected by our components automatically when trying to connect to the database server.

Feel free to contact us any time in case of any questions!

heidenbluth
Posts: 56
Joined: Mon 08 Nov 2004 19:01
Location: Germany

Re: Using SQL*Net Native Encryption with Direct TCP/IP

Post by heidenbluth » Fri 29 Oct 2021 08:37

Thank you,

When enforcing required encryption

    OraNet.EncryptionLevel := slRequired;

it works fine with direct TCP/IP.

Unfortunately, an encryption request such as

    OraNet.EncryptionLevel := slRequested;
    OraNet.DataIntegrityLevel := slRequested;

doesn't work in conjunction with the following sqlnet server settings:

    SQLNET.ENCRYPTION_SERVER=ACCEPTED
    SQLNET.ENCRYPTION_TYPES_SERVER=(AES256)
    SQLNET.CRYPTO_CHECKSUM_SERVER=ACCEPTED
    SQLNET.CRYPTO_CHECKSUM_TYPES_SERVER=(SHA256)

I was checking

    SELECT NETWORK_SERVICE_BANNER FROM v$session_connect_info

and for my session no network service adapter for encryption is listed.

When using similar SqlNet settings, the adapter is listed:

    SQLNET.ENCRYPTION_CLIENT=REQUESTED
    SQLNET.ENCRYPTION_TYPES_CLIENT=(AES256)
    SQLNET.CRYPTO_CHECKSUM_CLIENT=REQUESTED
    SQLNET.CRYPTO_CHECKSUM_TYPES_CLIENT=(SHA256)

Can you please check this?
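
An added example, not code from the posters or from Devart: it applies Oracle's documented negotiation rules for native network encryption and checksumming to the settings in the post above, then checks NETWORK_SERVICE_BANNER rows for the adapter lines the post looks for. The function names and the banner rows are constructed for illustration, and the banner wording is an assumption based on typical Oracle output.

```python
import re

def negotiate(client, server, client_algs, server_algs):
    """Outcome of one service (encryption or checksumming): ON, OFF or FAIL."""
    levels = {client.upper(), server.upper()}
    if levels == {"REQUIRED", "REJECTED"}:
        return "FAIL"                      # one side insists, the other refuses
    if "REJECTED" in levels or levels == {"ACCEPTED"}:
        return "OFF"                       # nobody asked, or one side refused
    if any(a in client_algs for a in server_algs):
        return "ON"
    # No common algorithm: fatal only when a side set REQUIRED (ORA-12650).
    return "FAIL" if "REQUIRED" in levels else "OFF"

# Only "adapter" rows name an algorithm in use; rows that merely name the
# service are not counted as proof of protection (assumed banner format).
ADAPTER = re.compile(r"(\w+)\s+(encryption|crypto-checksumming) service adapter", re.I)

def active_services(banners):
    """Map service name -> algorithm for every adapter row in the banners."""
    return {m.group(2).lower(): m.group(1).upper()
            for m in map(ADAPTER.search, banners) if m}

def audit(client_cfg, server_cfg, banners):
    """Services that should have been negotiated ON but show no adapter row."""
    seen = active_services(banners)
    return [svc for svc in ("encryption", "crypto-checksumming")
            if negotiate(client_cfg[svc][0], server_cfg[svc][0],
                         client_cfg[svc][1], server_cfg[svc][1]) == "ON"
            and svc not in seen]

# Settings from the post above; banner rows are constructed samples.
SERVER = {"encryption": ("ACCEPTED", ["AES256"]),
          "crypto-checksumming": ("ACCEPTED", ["SHA256"])}
CLIENT = {"encryption": ("REQUESTED", ["AES256"]),
          "crypto-checksumming": ("REQUESTED", ["SHA256"])}
PLAIN = ["TCP/IP NT Protocol Adapter for Linux: Version 19.0.0.0.0 - Production",
         "Encryption service for Linux: Version 19.0.0.0.0 - Production",
         "Crypto-checksumming service for Linux: Version 19.0.0.0.0 - Production"]
PROTECTED = PLAIN + [
    "AES256 Encryption service adapter for Linux: Version 19.0.0.0.0 - Production",
    "SHA256 Crypto-checksumming service adapter for Linux: Version 19.0.0.0.0 - Production"]

if __name__ == "__main__":
    print(audit(CLIENT, SERVER, PLAIN))      # session without adapter rows
    print(audit(CLIENT, SERVER, PROTECTED))  # session with both adapter rows
```

A non-empty result from `audit` means the session is running in clear text or without integrity checks even though the configured levels should have enabled them, which is the condition the post reports for REQUESTED against ACCEPTED.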

MaximG
Devart Team
Posts: 1822
Joined: Mon 06 Jul 2015 11:34

Re: Using SQL*Net Native Encryption with Direct TCP/IP

Post by MaximG » Tue 09 Nov 2021 10:20

Thank you for the information. We will investigate the described issue and let you know the results shortly.

heidenbluth
Posts: 56
Joined: Mon 08 Nov 2004 19:01
Location: Germany

Re: Using SQL*Net Native Encryption with Direct TCP/IP

Post by heidenbluth » Wed 15 Dec 2021 06:14

Hasn't this been fixed in ODAC 12.0.2?
I am just wondering, since the release notes do not mention it.

MaximG
Devart Team
Posts: 1822
Joined: Mon 06 Jul 2015 11:34

Re: Using SQL*Net Native Encryption with Direct TCP/IP

Post by MaximG » Wed 09 Feb 2022 13:06

No, it wasn't fixed in ODAC 12.0.2. We are working on the necessary changes.
