6 Replies Latest reply: Jul 19, 2012 8:24 AM by 950521

JDBC Thin driver is not connecting over SSL connection with SunPKCS11

950521 Newbie
Hi All,

To enforce FIPS compliance, I removed the default providers and added SunPKCS11, which is configured to work with NSS.
Whenever I try to connect to an Oracle Database using the Thin JDBC driver with SSL enabled, I get the following exception:
java.sql.SQLRecoverableException: IO Error: The Network Adapter could not establish the connection
     at oracle.jdbc.driver.T4CConnection.logon(T4CConnection.java:517)
     at oracle.jdbc.driver.PhysicalConnection.<init>(PhysicalConnection.java:557)
     at oracle.jdbc.driver.T4CConnection.<init>(T4CConnection.java:233)
     at oracle.jdbc.driver.T4CDriverExtension.getConnection(T4CDriverExtension.java:29)
     at oracle.jdbc.driver.OracleDriver.connect(OracleDriver.java:556)
     at java.sql.DriverManager.getConnection(Unknown Source)
     at java.sql.DriverManager.getConnection(Unknown Source)
     .
     .
     .
     .
Caused by: oracle.net.ns.NetException: The Network Adapter could not establish the connection
     at oracle.net.nt.ConnStrategy.execute(ConnStrategy.java:389)
     at oracle.net.resolver.AddrResolution.resolveAndExecute(AddrResolution.java:431)
     at oracle.net.ns.NSProtocol.establishConnection(NSProtocol.java:882)
     at oracle.net.ns.NSProtocol.connect(NSProtocol.java:267)
     at oracle.jdbc.driver.T4CConnection.connect(T4CConnection.java:1625)
     at oracle.jdbc.driver.T4CConnection.logon(T4CConnection.java:365)
     ... 25 more
Caused by: oracle.net.ns.NetException: Unable to initialize ssl context.
     at oracle.net.nt.CustomSSLSocketFactory.getSSLSocketFactory(CustomSSLSocketFactory.java:324)
     at oracle.net.nt.TcpsNTAdapter.connect(TcpsNTAdapter.java:114)
     at oracle.net.nt.ConnOption.connect(ConnOption.java:130)
     at oracle.net.nt.ConnStrategy.execute(ConnStrategy.java:367)
     ... 30 more
Caused by: java.security.NoSuchAlgorithmException: SSL SSLContext not available
     at sun.security.jca.GetInstance.getInstance(Unknown Source)
     at javax.net.ssl.SSLContext.getInstance(Unknown Source)
     at oracle.net.nt.CustomSSLSocketFactory.getSSLSocketFactory(CustomSSLSocketFactory.java:310)
     ... 33 more
It looks like it's generated by the call:
javax.net.ssl.SSLContext.getInstance("SSL");
I have tried with a couple of other databases and their respective JDBC drivers, and I didn't get any such issue. Being curious, I looked at the PostgreSQL JDBC driver code and found that it uses the default SSLContext via
javax.net.ssl.SSLContext.getDefault();
and works without any issue.

In my code, the call
javax.net.ssl.SSLContext.getInstance("TLS");
goes through without any issue.

URL used to connect:
jdbc:oracle:thin:@(DESCRIPTION=(ADDRESS=(PROTOCOL=tcps)(HOST=172.16.254.1)(PORT=2484))(CONNECT_DATA=(SERVICE_NAME=ORCL)))
Does it mean that the Thin JDBC driver doesn't support the TLS protocol, or that it is not yet ready to work in a FIPS-compliant environment?

If it does support it, is there any way to force the driver to use TLS instead of SSL?
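
One way to see which SSLContext names the installed providers register, and which of the names mentioned in the post resolve, is the diagnostic below. It is an added example, not part of the original post or of the Oracle driver; the class name SslContextProbe is hypothetical.

```java
import java.security.NoSuchAlgorithmException;
import java.security.Provider;
import java.security.Security;
import javax.net.ssl.SSLContext;

// Added diagnostic, not code from the post. SslContextProbe is a hypothetical name.
public class SslContextProbe {
    static final String SERVICE = "SSLContext.";
    static final String ALIAS = "Alg.Alias.SSLContext.";
    // Names from the post: "SSL" (what the trace shows failing), "TLS"
    // (works for the poster), "Default" (the name getDefault() resolves).
    static final String[] NAMES = {"SSL", "TLS", "Default"};

    // Name of the provider that serves this SSLContext algorithm, or null.
    static String providerFor(String algorithm) {
        try {
            return SSLContext.getInstance(algorithm).getProvider().getName();
        } catch (NoSuchAlgorithmException e) {
            return null;
        }
    }

    public static void main(String[] args) {
        // 1. What each installed provider registers, in preference order.
        for (Provider p : Security.getProviders()) {
            for (Object k : p.keySet()) {
                String key = k.toString();
                if (key.startsWith(ALIAS)) {
                    System.out.printf("%s: alias %s -> %s%n", p.getName(),
                            key.substring(ALIAS.length()), p.getProperty(key));
                } else if (key.startsWith(SERVICE) && key.indexOf(' ') < 0) {
                    // Keys containing a space are attributes, not algorithms.
                    System.out.printf("%s: SSLContext %s%n", p.getName(),
                            key.substring(SERVICE.length()));
                }
            }
        }
        // 2. What a caller gets when it asks for each name.
        for (String name : NAMES) {
            String provider = providerFor(name);
            System.out.printf("getInstance(\"%s\"): %s%n", name,
                    provider == null ? "NoSuchAlgorithmException" : "served by " + provider);
        }
    }
}
```

Run it in the same JVM and with the same java.security provider configuration as the application, so the provider list matches what the JDBC driver sees.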
