JDBC connections on TLS/2484 and TCP/1521 [message #670805]
Thu, 26 July 2018 21:22
tax_man
Messages: 10 Registered: March 2002
Junior Member

We have an Oracle 12g installation that came as bundled within another system, which is a Call Center application by Avaya.
The Avaya app can only connect to this Oracle RDBMS via unsecured TCP on port 1521 - it cannot support secure connections on TLS/2484. This Avaya app is up and running and successfully writing data to the DB.
We recently had another new external client app - call this app X - that wanted to connect via JDBC to the Oracle 12g instance. We set it up using a JDBC THIN driver and using TCP on 1521 - which is working OK.
However, we have been told that this connection from app X --> Oracle must be ENCRYPTED i.e. encryption-in-transit is a MUST, encryption-of-data-at-rest is NOT required. I imagine this would require app X to use TLS/2484 in the JDBC connection properties (as opposed to just TCP).
My question is - can the Oracle RDBMS be configured to support connections on both TCP and TLS concurrently? (From different clients of course, as stated above.) (I understand the port numbers may be configurable; I am just referring to the commonly used ones of 1521 and 2484.)
Thanks!

Re: JDBC connections on TLS/2484 and TCP/1521 [message #670807 is a reply to message #670806]
Thu, 26 July 2018 22:00
tax_man
Messages: 10 Registered: March 2002
Junior Member

BlackSwan, I have done research on this. But I couldn't find anything where someone wants to use both types of connections concurrently. I did find this one statement, but I am not sure if I am interpreting it correctly:
"U.S. government regulations prohibit double encryption. Accordingly, if you configure Oracle Advanced Security to use SSL encryption and another encryption method concurrently, then the connection fails. You also cannot configure SSL authentication concurrently with non-SSL authentication."
Because, I am only after SSL and non-SSL encryption, not necessarily authentication.
Hence I was after some help...
Thanks

Re: JDBC connections on TLS/2484 and TCP/1521 [message #670809 is a reply to message #670805]
Fri, 27 July 2018 02:16
John Watson
Messages: 8962 Registered: January 2010 Location: Global Village
Senior Member

If you can configure Avaya to use the JDBC OCI driver, rather than the thin driver, then you can set up AES encryption over port 1521 in seconds: it is just adding one line to the sqlnet.ora file.
You can certainly configure TCPS on whatever port you please in addition to your existing unencrypted listening end point, but it is more hassle.
You really need to talk to Avaya, or your implementation consultants, about this. Also, if the database is "bundled" you do need to be careful. For example, if it is the Embedded Software Licence you are not allowed to use any of the Oracle supplied admin tools.
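
The dual-endpoint setup discussed in the reply above, sketched as Oracle Net configuration. This is an added example, not part of the original thread or of the bundled Avaya/Oracle configuration; the host name, wallet directory and service name are assumed placeholders, and a server wallet holding the listener's certificate is assumed to exist already.

```text
# ---- listener.ora (server) : constructed example ----
# One listener, two endpoints: the existing plain TCP endpoint on 1521
# stays untouched for the legacy client, and TCPS is added on 2484.
LISTENER =
  (DESCRIPTION_LIST =
    (DESCRIPTION =
      (ADDRESS = (PROTOCOL = TCP)(HOST = dbhost.example.com)(PORT = 1521))
    )
    (DESCRIPTION =
      (ADDRESS = (PROTOCOL = TCPS)(HOST = dbhost.example.com)(PORT = 2484))
    )
  )

# Wallet containing the server certificate (placeholder path).
WALLET_LOCATION =
  (SOURCE =
    (METHOD = FILE)
    (METHOD_DATA = (DIRECTORY = /path/to/server_wallet))
  )

# FALSE = server-authenticated TLS only; clients need no certificate.
SSL_CLIENT_AUTHENTICATION = FALSE

# ---- sqlnet.ora (server) : constructed example ----
WALLET_LOCATION =
  (SOURCE =
    (METHOD = FILE)
    (METHOD_DATA = (DIRECTORY = /path/to/server_wallet))
  )
SSL_CLIENT_AUTHENTICATION = FALSE

# ---- JDBC thin URL for the new client (app X), placeholder service name ----
# jdbc:oracle:thin:@(DESCRIPTION=(ADDRESS=(PROTOCOL=TCPS)(HOST=dbhost.example.com)(PORT=2484))(CONNECT_DATA=(SERVICE_NAME=orcl_placeholder)))
# The client JVM needs a trust store containing the CA that signed the
# server certificate (javax.net.ssl.trustStore and related properties).

# ---- Check from inside a session which transport it actually used ----
# SELECT SYS_CONTEXT('USERENV', 'NETWORK_PROTOCOL') FROM dual;
# Returns tcps for sessions on 2484 and tcp for sessions on 1521.
```

Because port 1521 stays open and unencrypted, nothing in this configuration stops app X from being pointed at it by mistake; restricting which hosts can reach 1521 (for example with a host firewall rule limited to the Avaya server) and checking `NETWORK_PROTOCOL` for app X's sessions closes that gap.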

Re: JDBC connections on TLS/2484 and TCP/1521 [message #670810 is a reply to message #670809]
Fri, 27 July 2018 03:04
tax_man
Messages: 10 Registered: March 2002
Junior Member

John, thanks for your reply. I cannot change the Avaya application in any way at all; it won't be supported then.
Could you please provide some more detail (even if just high level pointers) on - "You can certainly configure TCPS on whatever port you please in addition to your existing unencrypted listening end point, but it is more hassle".
Is it simply a matter of setting up different listeners as BlackSwan said above? Any help much appreciated!

Re: JDBC connections on TLS/2484 and TCP/1521 [message #670812 is a reply to message #670811]
Fri, 27 July 2018 03:15
tax_man
Messages: 10 Registered: March 2002
Junior Member

John, I am confused by your second reply. I thought you implied that I *can* have TCPS in addition to the existing unencrypted listening end point, but it will be harder to set up. I'd just like to enable the 3rd party client to be able to talk over TLS whilst keeping the existing working connections on TCP as-is.
Thanks