  1. #1
    Join Date
    Jul 2007
    Posts
    2

    Unanswered: SSL connection with JDBC thin driver

    I am attempting to connect to an instance of Oracle 10.2 using the JDBC thin driver with SSL. I want to use the encryption feature of SSL only, but I cannot perform the getConnection without running into an exception. According to the JDBC docs, the SSL encryption feature is new for the 10.2 release of the JDBC thin driver, but I have seen no working examples.

    I am using ojdbc14.jar on Java 5.0 using a standalone application, and it fails with an IOException (The network adapter could not establish the connection) (Error code 17002). I even enabled tracing using the ojdbc-g.jar to try to figure out what the REAL problem is, but it was not helpful in determining a root cause. I changed the driver type from "thin" to "oci" and voila, the connection works just fine using the same tnsnames file, the same wallet, the same parameters, but using the Oracle Instant Client installation I have for my machine. I am using password-based authentication, as I understand that the authentication part of SSL is not supported in the thin driver on 10.2.

    Can anyone verify that the SSL encryption (not the Oracle Net encryption, but rather the one described in Chapter 11 of the JDBC Developer's Guide, http://download.oracle.com/docs/cd/B...n.htm#CHDFEICG ) works with the JDBC thin driver? I really would prefer to avoid using the OCI driver because of its dependencies on the native platform. Is there something special with how the users are created or how the JDBC API should be used? I am setting what I think to be appropriate parameters (oracle.net.wallet_location, oracle.net.cipher_suites), all to no avail.

  2. #2
    Join Date
    Jul 2006
    Posts
    49
    On the Oracle Server, did you configure the listener to support TCPS connections on a different port than TCP connections? This requires a DESCRIPTION_LIST block, and then you can isolate TCP addresses in one DESCRIPTION block and TCPS addresses in a separate DESCRIPTION block. For example,

    # listener.ora
    LISTENER_REMIDATA =
      (DESCRIPTION_LIST =
        (DESCRIPTION =
          (ADDRESS=(PROTOCOL=IPC)(KEY=REMIDATA))
        )
        (DESCRIPTION =
          (ADDRESS_LIST =
            (ADDRESS=(PROTOCOL=TCP)(HOST=ME1)(PORT=4000))
            (ADDRESS=(PROTOCOL=TCP)(HOST=ME1)(PORT=4001))
          )
        )
        (DESCRIPTION =
          (ADDRESS_LIST =
            (ADDRESS=(PROTOCOL=TCPS)(HOST=ME1)(PORT=5000))
            (ADDRESS=(PROTOCOL=TCPS)(HOST=ME1)(PORT=5001))
          )
        )
      )
    SSL_CLIENT_AUTHENTICATION = TRUE
    SSL_VERSION = 3.0
    WALLET_LOCATION = (SOURCE=(METHOD=FILE)(METHOD_DATA=(DIRECTORY=/oracle/wallets)))

    In the wallet you might need to set the auto login property to true (check the box); otherwise the wallet will expect a password from the calling application.

    In the database, did you create the user identified by DN? You should have such a user account that matches the DN of the cert stored in the Oracle Wallet associated with the Oracle Listener. Before trying to connect over JDBC thin or even thick, you should ensure SSL connectivity is working, period. For example, at the command prompt: "sqlplus /@mysid_ssl". Oracle will open the wallet, get the credentials and try to log into the database by matching the DN to a userid's properties.

    Once you get this working, go back to working on the JDBC thin issues. For example, in your app's connection string be sure to specify the address of the TCPS port.

    -Mark
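
The advice that closes the reply above (point the connection string at the TCPS port) can be checked mechanically. The Python below is an added example, not code from the thread or from Oracle: it parses a constructed listener.ora with the same endpoints as the one quoted above and reports when a thin-driver connect descriptor does not target a TCPS endpoint. The function names and the service name used in sample URLs are assumptions.

```python
import re
# Constructed sample: same endpoints as the listener.ora quoted in the reply above.
LISTENER_ORA = """LISTENER_REMIDATA = (DESCRIPTION_LIST =
  (DESCRIPTION = (ADDRESS=(PROTOCOL=IPC)(KEY=REMIDATA)))
  (DESCRIPTION = (ADDRESS_LIST = (ADDRESS=(PROTOCOL=TCP)(HOST=ME1)(PORT=4000))
                                 (ADDRESS=(PROTOCOL=TCP)(HOST=ME1)(PORT=4001))))
  (DESCRIPTION = (ADDRESS_LIST = (ADDRESS=(PROTOCOL=TCPS)(HOST=ME1)(PORT=5000))
                                 (ADDRESS=(PROTOCOL=TCPS)(HOST=ME1)(PORT=5001)))))"""

def parse_nv(text):
    """Parse Oracle Net (KEY=value) / (KEY=(child)...) syntax into (key, value) trees."""
    tokens, pos = re.findall(r"[()=]|[^()=\s]+", text), 0
    def node():
        nonlocal pos
        key, pos = tokens[pos + 1].upper(), pos + 3   # consume "(", key, "="
        if tokens[pos] == "(":
            value = []
            while tokens[pos] == "(":
                value.append(node())
        else:
            value, pos = tokens[pos], pos + 1
        pos += 1                                      # consume ")"
        return key, value
    trees = []
    while "(" in tokens[pos:]:
        pos = tokens.index("(", pos)                  # skip names outside parentheses
        trees.append(node())
    return trees

def addresses(trees):
    """Yield (PROTOCOL, HOST, PORT) for every ADDRESS node, at any depth."""
    for key, value in trees:
        if key == "ADDRESS":
            f = dict(value)
            yield f.get("PROTOCOL", "").upper(), f.get("HOST", "").upper(), f.get("PORT")
        elif isinstance(value, list):
            yield from addresses(value)

def check_thin_url(url, listener_text=LISTENER_ORA):
    """Return findings for the addresses in a jdbc:oracle:thin:@(DESCRIPTION=...) URL."""
    listening, findings = set(addresses(parse_nv(listener_text))), []
    for proto, host, port in addresses(parse_nv(url.split("@", 1)[1])):
        if proto != "TCPS":
            findings.append(f"{host}:{port} uses {proto}, so the session is not SSL-protected")
        elif ("TCP", host, port) in listening:
            findings.append(f"{host}:{port} is a plain TCP listener port, not a TCPS one")
        elif (proto, host, port) not in listening:
            findings.append(f"{host}:{port} is not a TCPS endpoint in listener.ora")
    return findings
```

An empty list from `check_thin_url` means every address in the descriptor is a TCPS endpoint that the listener file actually declares.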

  3. #3
    Join Date
    Jul 2007
    Posts
    2

    Does the thin driver actually work with SSL as advertised?

    Thanks for the reply, and yes, I am using the settings you mention, but SSL does not work with the thin driver as far as I can tell (even though the docs advertise it). As I said, the same standalone Java program that successfully connects with OCI (thick client) and sqlplus does NOT connect with JDBC thin. The only difference between what works and what does not from a Java source code perspective is the driver type, which I changed from "thin" to "oci". Under the hood I am using the Oracle Instant Client installation I installed on my machine when I specify the oci driver, but I want the same SSL functionality from the Oracle thin driver. What I want to know is whether someone can confirm that SSL encryption works with the JDBC thin driver in an installation of Oracle 10.2 or later. There are no examples other than the Oracle documentation, and the documentation does not present a complete working example (see Chapter 11 of the JDBC Developer's Guide for the functionality I want to work - it's new as of 10.2 - http://download.oracle.com/docs/cd/B...n.htm#CHDFEICG ).
    Can someone verify that SSL encryption works with the JDBC thin driver? Have you actually run a secure connection with this driver?
