Forum Stats

  • 3,782,261 Users
  • 2,254,625 Discussions
  • 7,880,029 Comments

Discussions

Categories

TLSv1.2 with Thin JDBC driver

User_5FQQH
User_5FQQH Member Posts: 6 Red Ribbon
edited Nov 4, 2015 10:15AM in General Database Discussions

I've set up a secure connection, and the handshake connects using TLSv1.

Is there a way to have it negotiate TLSv1.2?

I'm using ojdbc7.jar from 12.1.0.2

Tagged:
· Share on TwitterShare on Facebook

Best Answer

Answers

  • Unknown
    Unknown
    edited Nov 3, 2015 7:34PM 
    4b46e1c7-25c8-482d-80a3-70a2eb58f321 wrote:

I've set up a secure connection, and the handshake connects using TLSv1.
Is there a way to have it negotiate TLSv1.2?

I'm using ojdbc7.jar from 12.1.0.2

    why are you posting a question about networking in an Oracle database forum?

    Oracle DB has NO inherent or builtin network capability & depends 100% upon the underlying OS for any & all network functionality.

    · Share on TwitterShare on Facebook
  • Unknown
    Unknown
    edited Nov 3, 2015 8:43PM

    Are you explicitly setting the protocol to TLSv2 using one of these methods?

    <span class="pun">-</span><span class="typ">Dhttps</span><span class="pun">.</span><span class="pln">protocols</span><span class="pun">=</span><span class="str">"TLSv2"</span><span class="pln"> </span>
<span class="typ">System</span><span class="pun">.</span><span class="pln">setProperty</span><span class="pun">(</span><span class="str">"https.protocols"</span><span class="pun">,</span><span class="pln"> </span><span class="str">"TLSv2"</span><span class="pun">);</span>

    If you need more help than the above then please mark the thread ANSWERED and repost it in the JDBC forum.

    When you repost provide the code you are using that shows how you are connecting.

    Also post any info about how the client JVM is being launched and the properties being set:

    · Share on TwitterShare on Facebook
  • Igoroshka
    Igoroshka Member Posts: 1,585 Gold Trophy
    edited Nov 4, 2015 5:12AM

    During handshake client and server agree on maximal common protocol. If you defined protocol as TLSv1.2 but actual communication is using TLSv1.0 probably server does not configured to support TLSv1.2+.

    · Share on TwitterShare on Facebook
  • Igoroshka
    Igoroshka Member Posts: 1,585 Gold Trophy
    edited Nov 4, 2015 5:17AM

    This may be interested -- https://blogs.oracle.com/java-platform-group/entry/diagnosing_tls_ssl_and_https

    · Share on TwitterShare on Facebook
  • User_5FQQH
    User_5FQQH Member Posts: 6 Red Ribbon
    edited Nov 4, 2015 9:26AM 
    rp0428 wrote:

Are you explicitly setting the protocol to TLSv2 using one of these methods?

<span class="pun">-</span><span class="typ">Dhttps</span><span class="pun">.</span><span class="pln">protocols</span><span class="pun">=</span><span class="str">"TLSv2"</span><span class="pln"> </span>
<span class="typ">System</span><span class="pun">.</span><span class="pln">setProperty</span><span class="pun">(</span><span class="str">"https.protocols"</span><span class="pun">,</span><span class="pln"> </span><span class="str">"TLSv2"</span><span class="pun">);</span>

If you need more help than the above then please mark the thread ANSWERED and repost it in the JDBC forum.

When you repost provide the code you are using that shows how you are connecting.

Also post any info about how the client JVM is being launched and the properties being set:

    Thank you for a helpful response.

    I wasn't aware there was a JDBC-specific forum. When I searched the forums for "JDBC", one of the first hits I got was , which was in the "General" forum, so I thought I would start here.

    I've set -Dhttps.protocols to "TLSv1.2", but I continue to get "ClientHello, TLSv1" in the logs.

    I will repost in the JDBC forum.

    · Share on TwitterShare on Facebook
  • Unknown
    Unknown
    edited Nov 4, 2015 10:15AM Accepted Answer

    Thanks for reposting in the correct forum.

    Please mark this thread ANSWERED.

    · Share on TwitterShare on Facebook
This discussion has been closed.