Re: Encrypted protocol

From: Al B. <albert.y.balbekov_at_gmail.com>
Date: Sat, 10 Dec 2022 18:49:54 -0800
Message-ID: <CACKN2vEOdrasQj6yuC3wTf2xhYNfTxVryHP=f74=DyQ48kS=xA_at_mail.gmail.com>



Hello EPA,

You can set the TNS_ADMIN variable for a specific database and point it to a location different from the default $OH/network/admin. In this location you can have a sqlnet.ora separate from the sqlnet.ora used by the rest of the databases in this Oracle home, thus not impacting other databases. And if you are on RAC, then TNS_ADMIN can be set with srvctl per database.

Using SSL/TLS for network encryption has the drawback of expiring certificates. Native Network Encryption does not have this inconvenience. However, SSL/TLS is considered stronger because, in addition to network encryption, it also protects against man-in-the-middle attacks.

Best regards,
Albert

On Sat, Dec 10, 2022 at 9:36 AM EPA <epanosian_at_gmail.com> wrote:

> Hello,
> thank you. I was aware of the SQLNET.ora file, but in my case, there are
> other databases using the same Oracle home. If I set ENCRYPTION_SERVER=
> REQUIRED, it will impact other clients and if I set up ENCRYPTION_SERVER=
> ACCEPTED or REQUESTED, then the target application (client) may/not use
> encryption.
> Any comments?
>
> EPA
>
> On Fri, Dec 9, 2022 at 9:05 AM Marián Bednár <marian.bednar_at_gmail.com>
> wrote:
>
>> Hi,
>>
>> Here is the basic description of two encrypting concepts.
>> Native encryption is easy to configure (transparent for clients) but for
>> some security officers it hasn't to be perfect.
>>
>> https://questoraclecommunity.org/learn/blogs/oracle-database-network-encryption-native-vs-tls-ssl/
>>
>> Oracle docs:
>>
>> https://docs.oracle.com/en/database/oracle/oracle-database/19/dbseg/configuring-network-data-encryption-and-integrity.html
>>
>> https://docs.oracle.com/en/database/oracle/oracle-database/19/dbseg/configuring-secure-sockets-layer-authentication.html
>>
>> Marian
>>
>>
>>
>> On Fri, 9 Dec 2022 at 14:45, EPA <epanosian_at_gmail.com> wrote:
>>
>>> Hello,
>>>
>>> What are the requirements to set up encrypted protocols between
>>> applications / Oracle (19c) databases. How to enforce the use of encrypted
>>> protocols (i.e. SSL) to prevent eavesdropping or unauthorized modification
>>> of data in-transit. Disable clear-text services where possible? Sqlnet.ora?
>>> Anybody has done this? What are the cons/pros? What are the steps? What are
>>> shoulds and shouldn'ts?
>>>
>>> Thank you,
>>>
>>> EPA
>>>
>>

--
http://www.freelists.org/webpage/oracle-l
Received on Sun Dec 11 2022 - 03:49:54 CET
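
The per-database TNS_ADMIN approach from the reply at the top of this thread, sketched as an added example (not code from the thread or from Oracle). The function names, the database name SALESDB, the temp paths, and the choice of AES256/SHA256 plus the checksum lines are assumptions for illustration.

```shell
#!/bin/sh
# Added example. Paths and the database name SALESDB are constructed.

# Print the effective SQLNET.ENCRYPTION_SERVER value of a sqlnet.ora
# (ACCEPTED is Oracle's default when the parameter is absent).
encryption_server_mode() {
    awk -F= '
        /^[ \t]*#/ { next }
        { key = toupper($1); gsub(/[ \t]/, "", key) }
        key == "SQLNET.ENCRYPTION_SERVER" {
            mode = toupper($2); gsub(/[ \t()]/, "", mode)
        }
        END { print (mode == "" ? "ACCEPTED" : mode) }
    ' "$1"
}

# Build a per-database TNS_ADMIN directory from the shared one.
# Assumes each parameter sits on a single line in the shared sqlnet.ora.
make_db_tns_admin() {
    shared=$1; dbdir=$2
    mkdir -p "$dbdir"
    # Carry over name resolution so the database still finds its aliases.
    if [ -f "$shared/tnsnames.ora" ]; then cp "$shared/tnsnames.ora" "$dbdir/"; fi
    {
        # Keep unrelated settings, drop the shared server-side crypto lines.
        if [ -f "$shared/sqlnet.ora" ]; then
            grep -viE '^[[:space:]]*SQLNET\.(ENCRYPTION|CRYPTO_CHECKSUM)(_TYPES)?_SERVER[[:space:]]*=' \
                "$shared/sqlnet.ora" || true
        fi
        echo 'SQLNET.ENCRYPTION_SERVER = REQUIRED'
        echo 'SQLNET.ENCRYPTION_TYPES_SERVER = (AES256)'
        echo 'SQLNET.CRYPTO_CHECKSUM_SERVER = REQUIRED'
        echo 'SQLNET.CRYPTO_CHECKSUM_TYPES_SERVER = (SHA256)'
    } > "$dbdir/sqlnet.ora"
}

demo() {
    work=$(mktemp -d)
    mkdir -p "$work/network/admin"
    printf '%s\n' 'SQLNET.ENCRYPTION_SERVER = ACCEPTED' 'SQLNET.EXPIRE_TIME = 10' \
        > "$work/network/admin/sqlnet.ora"      # constructed shared file
    make_db_tns_admin "$work/network/admin" "$work/tns_admin_SALESDB"
    echo "shared home: $(encryption_server_mode "$work/network/admin/sqlnet.ora")"
    echo "SALESDB:     $(encryption_server_mode "$work/tns_admin_SALESDB/sqlnet.ora")"
    # Next step from the post: export TNS_ADMIN=<dbdir> in that database's
    # environment, or on RAC: srvctl setenv database -db SALESDB -env "TNS_ADMIN=<dbdir>"
    rm -rf "$work"
}
demo
```

The shared sqlnet.ora is left untouched, so the other databases in the home keep their ACCEPTED setting while only the database started with the new TNS_ADMIN rejects unencrypted sessions.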
