client fails to establish secure connection (TLS 1.2) to Oracle 12.1 server

AkshayHB Member Posts: 3 Green Ribbon
edited Jun 8, 2022 9:49AM in Database Security - General

Hi All,

We have Oracle client installed on our Solaris 10 machine and we were able to successfully establish a secure connection (with SSL_VERSION set to 1.0, i.e., TLS 1.0) to the 12cR1 server.

A couple of days ago, the DBAs updated the configuration to support TLS 1.2 alone, and since then the client connection is failing.

This thread talks about the workaround (not defining the SSL_VERSION parameter in sqlnet.ora), but this isn't working either.

Does this mean a secure connection (TLS 1.2) using client to 12cR1 isn't possible?

Thanks and Regards




  • Jason_(A_Non)
    Jason_(A_Non) Member Posts: 2,106 Silver Trophy

    A good source of info is TLS 1.2 in Oracle Database and MES415 (Doc ID 2274242.1). In short, you need a minimum of Oct 2018 DB PSU. The article mostly talks about allowing TLS 1.2 support for incoming connections to the DB, but I believe it also allows outgoing TLS 1.2 as well.

  • AkshayHB
    AkshayHB Member Posts: 3 Green Ribbon

    The DB version is 12c and the client version being used is and we are making a native oracle connection (native DB drivers).

    Do you think any patch needs to be applied on my client machine to support TLS 1.2 connectivity?

  • Jason_(A_Non)
    Jason_(A_Non) Member Posts: 2,106 Silver Trophy

    I don't know what patch level your DB is at, but I told you the minimum it needed to be at so that is up to you and the DBA(s) to determine whether patching needs to occur. Same for your 12.1 DB, you need July 2018 DB PSU in order for your 12.1 DB to support TLS 1.2.

  • AkshayHB
    AkshayHB Member Posts: 3 Green Ribbon

    Sorry, not sure what the confusion is.

    DB is already on and is the client version.

    We have two client machines; on one of the client machines we have oracle client installed and on another we have

    I am able to establish a TLS 1.2 secure connection from the machine on which Oracle client is installed, whereas from the machine where client is available, I am not able to.

    Does applying any patch (not on the DB server, but on the client machine) on the machine where oracle client is installed help in establishing a TLS 1.2 secure connection, or are 12c and later the minimum client versions that support TLS 1.2?

  • Jason_(A_Non)
    Jason_(A_Non) Member Posts: 2,106 Silver Trophy

    I'm the source of the confusion. When you listed out, I was immediately thinking you had an DB attempting to make a secure connection to an Oracle 12.1.x.x DB. That said, part of what I stated is still correct. In order for your Oracle DB to accept TLS 1.2 connections, the DB needs to be patched with July 2018 DB PSU or later. As for the client, given the original Oracle DB did not support TLS 1.2, I'm going to say any client install derived from it would not either. Given I'm not sure where your client came from, I'm now going to talk about Oracle's Instant Client (yes, a Windows link, but it's what I run). I'm not sure how to tell if Oracle's Instant Client supports TLS 1.2, so you might need to go with a more recent version such as 12.2, 18.5, or 19.5, since all are backwards compatible (in theory).
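
The SSL_VERSION setting from the first post can be ruled in or out before looking at client patch levels. The following is an added example, not code from the thread or from Oracle: a Python check that reads sqlnet.ora text and reports whether the pinned value permits TLS 1.2. The sample file contents, function names and verdict strings are assumptions; the value syntax handled (a single version, an `or` list, or `undetermined`) is the one documented for SSL_VERSION in 12c.

```python
import re

# Constructed sample sqlnet.ora contents (not taken from the thread).
PINNED_TLS10 = """\
# client wallet (placeholder path)
WALLET_LOCATION = (SOURCE=(METHOD=FILE)(METHOD_DATA=(DIRECTORY=/path/to/wallet)))
SSL_VERSION = 1.0   # left over from the TLS 1.0 setup
"""
UNPINNED = "SSL_CLIENT_AUTHENTICATION = FALSE\n"
OR_LIST = "ssl_version = (1.2 or 1.1)\n"


def pinned_versions(sqlnet_text):
    """Return the set of versions SSL_VERSION pins, or None when unpinned."""
    pinned = None
    for raw in sqlnet_text.splitlines():
        line = raw.split("#", 1)[0].strip()          # drop comments
        m = re.match(r"(?i)ssl_version\s*=\s*(.+)$", line)
        if not m:
            continue
        value = m.group(1).strip("() \t").lower()
        if value == "undetermined":                   # explicit "negotiate"
            pinned = None
        else:                                         # "1.2" or "1.2 or 1.1"
            pinned = {v.strip() for v in re.split(r"\s+or\s+", value)}
    return pinned


def tls12_verdict(sqlnet_text):
    """Classify a client sqlnet.ora against a TLS 1.2-only server."""
    versions = pinned_versions(sqlnet_text)
    if versions is None:
        # Nothing pinned: the result depends on what the client libraries
        # themselves can negotiate, which is the case discussed in the thread.
        return "unpinned"
    if "1.2" in versions:
        return "offers-1.2"
    return "blocked"          # pinned below 1.2; handshake cannot succeed


if __name__ == "__main__":
    for name, text in [("pinned", PINNED_TLS10), ("unpinned", UNPINNED),
                       ("or-list", OR_LIST)]:
        print(name, pinned_versions(text), tls12_verdict(text))
```

An `unpinned` verdict on a client that still fails, as reported above, points away from sqlnet.ora and toward the TLS support of the client installation itself.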