Jdbc Thin With Aso Sqlnet.Encryption_client=Rejected Setting Allows Connection (Doc ID 421773.1)

Last updated on MARCH 08, 2017

Applies to:

JDBC - Version 10.2.0.1 and later
Advanced Networking Option - Version 10.2.0.1 and later
Information in this document applies to any platform.

Symptoms


Connecting using JDBC/thin 10.2.0.x driver to a database using a listener that is configured using the following sqlnet.ora:

SQLNET.CRYPTO_CHECKSUM_TYPES_SERVER= (MD5)
SQLNET.AUTHENTICATION_SERVICES= (NTS)
SQLNET.ENCRYPTION_SERVER = required
NAMES.DIRECTORY_PATH= (TNSNAMES, EZCONNECT)
SQLNET.CRYPTO_SEED = '1234567890'
SQLNET.ENCRYPTION_TYPES_SERVER= (RC4_40)
SQLNET.CRYPTO_CHECKSUM_SERVER = required


The java properties used for the JDBC/thin connection appear to be ignored. As a result the
default behaviour of the JDBC/thin is to use "ACCEPTED" which as the effect of accepting the
encrypted connection:

Properties props = new Properties();
props.put("ORACLE.NET.ENCRYPTION_CLIENT", "REJECTED");
props.put("ORACLE.NET.ENCRYPTION_TYPES_CLIENT", "( RC4_40 )");
props.put("ORACLE.NET.CRYPTO_CHECKSUM_CLIENT", "REJECTED");
props.put("ORACLE.NET.CRYPTO_CHECKSUM_TYPES_CLIENT", "( MD5 )");
props.put("ORACLE.NET.CRYPTO_SEED_CLIENT", "1234567890");
OracleDataSource ods = new OracleDataSource();
ods.setConnectionProperties(props);

 

The JDBC/thin client connects to the database which is unexpected since the client is requesting an unencrypted connection while the server is requiring encryption.

Cause

Sign In with your My Oracle Support account

Don't have a My Oracle Support account? Click to get started

My Oracle Support provides customers with access to over a
Million Knowledge Articles and hundreds of Community platforms