FAQ: TCPS / TLS / SSL / UTL_HTTP / UTL_SMTP Configuration and Queries in Oracle Database (Doc ID 2980134.1)

Last updated on JULY 20, 2024

Applies to:

Oracle Database - Enterprise Edition - Version 12.1.0.1 and later
Information in this document applies to any platform.

Purpose

This document aims to provide comprehensive answers to common queries related to the setup, configuration, and fundamental concepts of TCPS / TLS / SSL with respect to database and client-side implementation. Additionally, it addresses inquiries about the practical usage and implementation of the UTL_HTTP / UTL_SMTP packages over TLS/SSL within a database environment.

Questions and Answers


In this Document
Purpose
Questions and Answers
 Understanding concept of TLS/SSL
 What is TLS/SSL?
 Difference between TLS/SSL protocol
 Significance of certificates in TLS/SSL
 How does TLS/SSL handshake work?
 What are Cipher Suites?
 Understanding TLS/SSL with Oracle Database
 Availability of TLS/SSL
 TCPS Protocol
 Significance of Wallet/orapki/PKCS#12
 How TLS/SSL handshake work between Oracle Database/Client
 One-way and Two-way (mTLS) TLS/SSL communication
 Difference between Self Signed and CA signed certificates
 Configuring TCPS- TLS/SSL on Oracle Database/Client
 How to configure One-way TLS/SSL encryption with Self signed and CA Signed certificates
 How to configure Two-way (mTLS) TLS/SSL encryption with Self signed and CA Signed certificates
 How to configure TLS/SSL in multitenant setup
 TLS/SSL method for CLIENT authentication
 Questions on usage orapki utility/wallet usage and TLS/SSL supported parameters
 Useful orapki commands across wallet location
 Checking certificate expired status in wallet
 Parameters used on listener.ora and sqlnet.ora supporting TLS/SSL connection
 CRL- Certificate Validation with Certificate Revocation Lists
 FIPS: Federal Information Processing Standard
 MES: Micro Edition Suite (MES)
 MCS: Microsoft Certificate Store (MCS)
 Understanding UTL_HTTP / UTL_SMTP packages
 Configuring UTL_HTTP/UTL_SMTP access using certificates and an Oracle Database wallet
 How to create a wallet at Database end?
 How to get destination Webserver/MailServer certificates?
 Adding certificates to Oracle Database wallet
 Validating TLS/SSL communication is working reaching destination Webserver/Mailserver
 Configuring ACL/ACE to user credential which is reaching destination Webserver/Mailserver with TLS/SSL
 How to configure UTL_HTTP at database for CLIENT AUTHENTICATION over TLS/SSL
 Common General Queries
 TLS 1.3 Version supported on Oracle Database
 How to check TCPS-TLS/SSL connected session data is encrypted
 How to verify the TLS Version is used in TCPS Connection
 How to disable TLS 1.0 /1.1 and enable TLS 1.2
 Check if Database connection is connected Via TCPS
 EZ Connect syntax to connect to Database over TCPS with wallet
 Is it possible to have no wallet from Client Side and make TCPS/SSL Connection from remote client?
 How to restrict Client to connect to Database via TCP/TCPS
 PKI-04006: No Matching Private Key In The Wallet While Adding Final User Certificate to Wallet
 ORA-29106: Cannot import PKCS #12 wallet when calling UTL_HTTP package
 TLS Cipher Suite Authentication, Encryption, Integrity, and TLS Versions supported with Oracle Database
 Client / Server interoperability support matrix for different Oracle versions
 Reason for certificate related errors using UTL_HTTP/UTL_SMTP with TLS/SSL
 Traces to isolate TLS/SSL communication error.
References
