The Oracle driver supports SSL encryption for all supported Oracle databases.

To enable support for SSL connections to Oracle, the Oracle database must be configured for Oracle Advanced Security. For information about configuring your database server, refer to your Oracle documentation.

SSL secures the integrity of your data by encrypting information and providing authentication. See Data Encryption Across the Network for an overview.

Note: Connection hangs can occur when the driver is configured for SSL and the database server does not support SSL. You may want to set a login timeout using the LoginTimeout property to avoid problems when connecting to a server that does not support SSL.

See Using tnsnames.ora Files for information about configuring a tnsnames.ora file for SSL encryption.

To configure SSL encryption:

  1. Set the EncryptionMethod property to SSL.
  2. Use the CryptoProtocolVersion property to specify acceptable cryptographic protocol versions (for example, TLSv1.2) supported by your server.
  3. Specify the location and password of the truststore file used for SSL server authentication. Either set the TrustStore and TrustStore properties or their corresponding Java system properties (javax.net.ssl.trustStore and javax.net.ssl.trustStorePassword, respectively).
  4. To validate certificates sent by the database server, set the ValidateServerCertificate property to true.
  5. Optionally, set the HostNameInCertificate property to a host name to be used to validate the certificate. The HostNameInCertificate property provides additional security against man-in-the-middle (MITM) attacks by ensuring that the server the driver is connecting to is the server that was requested.
  6. If your database server is configured for SSL client authentication, configure your keystore information:
    1. Specify the location and password of the keystore file. Either set the KeyStore and KeyStore properties or their corresponding Java system properties (javax.net.ssl.keyStore and javax.net.ssl.keyStorePassword, respectively).
    2. If any key entry in the keystore file is password-protected, set the KeyPassword property to the key password.