The following table summarizes connection properties which can be used to enable SSL.

Table 1. Data encryption properties
Property Characteristic

CryptoProtocolVersion

Specifies a cryptographic protocol or comma-separated list of cryptographic protocols that can be used when TLS/SSL is enabled using the EncryptionMethod connection property.

DataIntegrityLevel

Determines the level of Oracle Advanced Security data integrity used for data sent between the driver and database server. The connection fails if the database server does not have a compatible integrity algorithm.

If set to rejected, the driver does not enable a data integrity check for data sent between the driver and database server. The connection fails if the database server specifies REQUIRED.

If set to accepted, the driver enables a data integrity check for data sent between the driver and database server if the database server requests or requires it.

If set to requested, the driver enables a data integrity check for data sent between the driver and database server if the database server permits it.

If set to required, the driver performs a data integrity check for data sent between the driver and database server. The database server must have data integrity check enabled. The connection fails if the database server specifies REJECTED.

The default is accepted.

DataIntegrityTypes

Determines the algorithm the driver uses to protect against attacks that intercept and modify data being transmitted between the client and server when data integrity is enabled using the DataIntegrityLevel property.

The default is the list of all the possible algorithms.

EncryptionLevel

Determines whether data is encrypted and decrypted when transmitted over the network between the driver and database server using Oracle Advanced Security encryption.

If set to rejected, data sent between the driver and the database server is not encrypted or decrypted. The connection fails if the database server specifies REQUIRED.

If set to accepted, data sent between the driver and the database server is encrypted and decrypted if the database server requests or requires it.

If set to requested, data sent between the driver and the database server is encrypted and decrypted if the database server permits it.

If set to required, data sent between the driver and the database server must be encrypted and decrypted. The connection fails if the database server specifies REJECTED.

The default is accepted.

EncryptionMethod

Determines whether data is encrypted and decrypted when transmitted over the network between the driver and database server.

If set to noEncryption, data is not encrypted or decrypted.

If set to SSL, data is encrypted using SSL. If the database server does not support SSL, the connection fails and the driver throws an exception.

The default is noEncryption.

EncryptionTypes

Specifies one or multiple algorithms to use if Oracle Advanced Security encryption is enabled using the EncryptionLevel connection property.

HostNameInCertificate

Specifies a host name for certificate validation when SSL encryption is enabled (EncryptionMethod=SSL) and validation is enabled (ValidateServerCertificate=true). This property is optional and provides additional security against man-in-the-middle (MITM) attacks by ensuring that the server the driver is connecting to is the server that was requested.

KeyPassword

Specifies the password that is used to access the individual keys in the keystore file when SSL is enabled (EncryptionMethod=SSL) and SSL client authentication is enabled on the database server. This property is useful when individual keys in the keystore file have a different password than the keystore file.

KeyStore

Specifies the directory of the keystore file to be used when SSL is enabled (EncryptionMethod=SSL) and SSL client authentication is enabled on the database server. The keystore file contains the certificates that the client sends to the server in response to the server’s certificate request.

KeyStorePassword

Specifies the password that is used to access the keystore file when SSL is enabled (EncryptionMethod=SSL) and SSL client authentication is enabled on the database server. The keystore file contains the certificates that the client sends to the server in response to the server’s certificate request.

TrustStore

Specifies the directory of the truststore file to be used when SSL is enabled (EncryptionMethod=SSL) and server authentication is used. The truststore file contains a list of the Certificate Authorities (CAs) that the client trusts.

TrustStorePassword

Specifies the password that is used to access the truststore file when SSL is enabled (EncryptionMethod=SSL) and server authentication is used. The truststore file contains a list of the Certificate Authorities (CAs) that the client trusts.

ValidateServerCertificate

Determines whether the driver validates the certificate that is sent by the database server when SSL encryption is enabled (EncryptionMethod=SSL). When using SSL server authentication, any certificate that is sent by the server must be issued by a trusted Certificate Authority (CA).

If set to true, the driver validates the certificate that is sent by the database server. If the HostNameInCertificate property is specified, the driver also validates the host name of the server available in the certificate. The HostNameInCertificate property is optional and provides additional security against man-in-the-middle (MITM) attacks by ensuring that the server the driver is connecting to is the server that was requested.

If set to false, the driver does not validate the certificate that is sent by the database server. The driver ignores any truststore information that is specified by the TrustStore and TrustStorePassword properties or Java system properties.

Truststore information is specified using the TrustStore and TrustStorePassword properties or by using Java system properties.

The default is true.