Search for: tcps

TCPS and SSLv2Hello

Thanks to platform independence, the same java code work on different platforms. import java.util.Properties; import java.security.Security; import java.sql.*; import javax.net.ssl.*; public class KeyStore { public static void main(String argv[]) throws SQLException { String url=”jdbc:oracle:thin:@(DESCRIPTION=”+ “(ADDRESS=(PROTOCOL=TCPS)(Host=SRV01)(“+ “Port=1521))(CONNECT_DATA=(SID=DB01)))”; Properties props = new Properties(); props.setProperty(“user”, “scott”); props.setProperty(“password”, “tiger”); props.setProperty(“javax.net.ssl.trustStore”, “keystore.jks”); props.setProperty( “javax.net.ssl.trustStoreType”,”JKS”); props.setProperty( “javax.net.ssl.trustStorePassword”,”***”); DriverManager.registerDriver( new oracle.jdbc.OracleDriver()); Connection […]

check if using tcps part II

in your current session, as written there, check sys_context(‘USERENV’, ‘NETWORK_PROTOCOL’) in another session, you could grab some hints out of the network service banner. Do the maths, when it is not-not using ssl, it probably is… select sid,program, case when program not like ‘[email protected]% (P%)’ then (select max(case when NETWORK_SERVICE_BANNER like ‘%TCP/IP%’ then ‘TCP’ when […]

default listener port

Long time ago, Maxime Yuen registered 1521 for nCube License Manager. By googling I found : Ellison cleans house at nCube, and since them 1521 has been used as a default port for Oracle. Still, you’ll see nCube in IANA.ORG service names port numbers and in /etc/services the nCube name. I don’t know which one […]

SSL with PKCS12 truststore

Many many moons ago I vaguely remember having a similar issue with java keystore / truststore and microsoft certificates stores. When you start using SSL for your listener, you could potentially face a large number of issues amoung your toolsets. In my opinion, the most disastrous one is that you cannot monitor your database with […]

KeepAlive socket in 12c listener

A not uncommon issue with firewalls and listeners are timeouts. Your production database may be behind a firewall, you may connect from a remote location, even your Windows workstation may have some firewall activated, possibly you use ssh tunnels or TCPS. All those occasionally lead to timeouts and connection abortion, for instance ORA-03113 end-of-file on […]

ssl version

I wrote about ssl version in jdbc thin yesterday The default version also no longer works for the thick client with 12c client and 11g Server. With 11gR2 : C:> tnsping (DESCRIPTION=(ADDRESS=(PROTOCOL=TCPS)(HOST=SRV01)(PORT=1521))) TNS Ping Utility for 64-bit Windows: Version 11.2.0.4.0 OK (100 msec) with 12cR1 : C:> tnsping (DESCRIPTION=(ADDRESS=(PROTOCOL=TCPS)(HOST=SRV01)(PORT=1521))) TNS Ping Utility for 64-bit Windows: […]

jdbc ssl

I already wrote about jdbc hello world and listener with tcps. Let’s combine both technologies ! TCPS.java import java.util.Properties; import java.security.Security; import java.sql.*; import javax.net.ssl.*; public class TCPS { public static void main(String argv[]) throws SQLException { String url = “jdbc:oracle:thin:@(DESCRIPTION=(ADDRESS=(PROTOCOL=TCPS)(Host=dbsrv001)(Port=12345))(CONNECT_DATA=(SID=DB01)))”; Properties props = new Properties(); props.setProperty(“user”, “scott”); props.setProperty(“password”, “tiger”); props.setProperty(“javax.net.ssl.trustStore”,”cwallet.sso”); props.setProperty(“javax.net.ssl.trustStoreType”,”SSO”); Security.addProvider(new oracle.security.pki.OraclePKIProvider()); DriverManager.registerDriver(new […]

user identified externally with SSL certificate

Today I configured my database to identify users with certificates. Check my previous post listener with tcps to find out how to configure a listener with SSL, which is a requisite. Ok, I have a listener.ora and a tnsnames.ora with SSL. I do not need a sqlnet.ora, the default values work. listener.ora LISTENER= (DESCRIPTION_LIST= (DESCRIPTION= […]