Page 1 of 1
Using SQL*Net Native Encryption with Direct TCP/IP
Posted: Wed 22 Sep 2021 08:43
by holger_nis
Our customer wants to introduce SQL*Net native encryption by setting SQLNET.ORA server parameters
* SQLNET.ENCRYPTION_SERVER =ACCEPTED
* SQLNET.ENCRYPTION_TYPES_SERVER = AES256
How can we use this with ODAC and a direct TCP/IP connection?
Re: Using SQL*Net Native Encryption with Direct TCP/IP
Posted: Wed 22 Sep 2021 11:39
by MaximG
The process of using direct secure connection is described in detail in the documentation :
https://www.devart.com/odac/docs/ssl.htm
Re: Using SQL*Net Native Encryption with Direct TCP/IP
Posted: Thu 23 Sep 2021 07:10
by holger_nis
The documentation you are referring to describes a manual setup using either an Oracle wallet or a certificate.
My question is regarding native encryption. When using either Oracle SQL*net or Oracle JDBC driver I only have to set two parameters in SQLNet.ora or JDBC configuration:
* SQLNET.ENCRYPTION_SERVER =ACCEPTED
* SQLNET.ENCRYPTION_TYPES_SERVER = AES256
I don't have to bother with wallets or certificates, everything is managed automatically by Oracle.
Our customers are asking if this can be used together with direct TCP/IP.
Re: Using SQL*Net Native Encryption with Direct TCP/IP
Posted: Mon 27 Sep 2021 12:25
by MaximG
Thanks for the clarifications!
You can try using Direct Mode to work with the given parameters. Please note that the OraNet.EncryptionLevel variable is responsible for using the SQLNET.ENCRYPTION_SERVER parameter in our components (the default value is slAccepted).
The encryption algorithm used by the client (analogous to SQLNET.ENCRYPTION_TYPES_SERVER) will be detected by our components automatically when trying to connect to the database server.
Feel free to contact us any time in case of any questions!
Re: Using SQL*Net Native Encryption with Direct TCP/IP
Posted: Fri 29 Oct 2021 08:37
by heidenbluth
Thank you,
When enforcing required encryption
Code: Select all
OraNet.EncryptionLevel := slRequired;
it works fine with direct TCP/IP.
Unfortunately, an encryption request such as
Code: Select all
OraNet.EncryptionLevel := slRequested;
OraNet.DataIntegrityLevel := slRequested;
doesn't work in conjunction with the following sqlnet server settings:
Code: Select all
SQLNET.ENCRYPTION_SERVER=ACCEPTED
SQLNET.ENCRYPTION_TYPES_SERVER=(AES256)
SQLNET.CRYPTO_CHECKSUM_SERVER=ACCEPTED
SQLNET.CRYPTO_CHECKSUM_TYPES_SERVER=(SHA256)
I was checking
Code: Select all
SELECT NETWORK_SERVICE_BANNER from from v$session_connect_info
and for my session no network service adapter for encryption is listed.
When using similar SqlNet settings, the adapter is listed:
Code: Select all
SQLNET.ENCRYPTION_CLIENT=REQUESTED
SQLNET.ENCRYPTION_TYPES_CLIENT=(AES256)
SQLNET.CRYPTO_CHECKSUM_CLIENT=REQUESTED
SQLNET.CRYPTO_CHECKSUM_TYPES_CLIENT=(SHA256)
Can you please check this?
Re: Using SQL*Net Native Encryption with Direct TCP/IP
Posted: Tue 09 Nov 2021 10:20
by MaximG
Thank you for the information. We will investigate the described issue and let you know the results shortly.
Re: Using SQL*Net Native Encryption with Direct TCP/IP
Posted: Wed 15 Dec 2021 06:14
by heidenbluth
Hasn't this been fixed in ODAC 12.0.2?
I am just wondering release notes do not mention.
Re: Using SQL*Net Native Encryption with Direct TCP/IP
Posted: Wed 09 Feb 2022 13:06
by MaximG
No, it wasn't fixed in ODAC 12.0.2. We are working on the necessary changes.