Using TLS 1.2 With Oracle12c 12.1.0.2 Clients (Doc ID 2032127.1)

Last updated on NOVEMBER 14, 2016

Applies to:

Advanced Networking Option - Version 12.1.0.2 and later
Information in this document applies to any platform.

Symptoms

You are using Java ojdbc7 and connecting to rdbms version 12.1.0.2 using the Java thin JDBC client.

The JDBC THIN client (JDK 8, ojdbc8.jar) fails to establish connection with any of the these ssl cipher suites which are supported by 12.1 server:

TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
TLS_RSA_WITH_AES_128_CBC_SHA256
TLS_RSA_WITH_AES_128_GCM_SHA256
TLS_RSA_WITH_AES_256_CBC_SHA256

You need to be able to run TLS 1.2 but the highest level available when you configure the TNS connection is TLS 1.0.

The java call stack looks like this:

 

java.sql.SQLRecoverableException: IO Error: No appropriate protocol
  at oracle.jdbc.driver.T4CConnection.logon(T4CConnection.java:754)
  at oracle.jdbc.driver.PhysicalConnection.connect(PhysicalConnection.java:669)
  at oracle.jdbc.driver.T4CDriverExtension.getConnection(T4CDriverExtension.java:32)
  at oracle.jdbc.driver.OracleDriver.connect(OracleDriver.java:664)
  at java.sql.DriverManager.getConnection(DriverManager.java:664)
  at java.sql.DriverManager.getConnection(DriverManager.java:208)
  at test4ssl.main(test4ssl.java:160)
Caused by: javax.net.ssl.SSLHandshakeException: No appropriate protocol
  at sun.security.ssl.Handshaker.activate(Handshaker.java:483)
  at sun.security.ssl.SSLSocketImpl.kickstartHandshake(SSLSocketImpl.java:1450)
  at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1319)
  at sun.security.ssl.SSLSocketImpl.writeRecord(SSLSocketImpl.java:728)
  at sun.security.ssl.AppOutputStream.write(AppOutputStream.java:123)
  at oracle.net.ns.Packet.send(Packet.java:420)
  at oracle.net.ns.ConnectPacket.send(ConnectPacket.java:240)
  at oracle.net.ns.NSProtocolStream.negotiateConnection(NSProtocolStream.java:159)
  at oracle.net.ns.NSProtocol.connect(NSProtocol.java:265)
  at oracle.jdbc.driver.T4CConnection.connect(T4CConnection.java:1451)
  at oracle.jdbc.driver.T4CConnection.logon(T4CConnection.java:498)

 

 

Changes

 You need to be able to run TLS 1.2 but the highest level available when you configure the TNS connection is TLS 1.0.

Cause

Sign In with your My Oracle Support account

Don't have a My Oracle Support account? Click to get started

My Oracle Support provides customers with access to over a
Million Knowledge Articles and hundreds of Community platforms