4 Replies Latest reply on Mar 31, 2016 6:25 PM by Yves Hamel

    Network data encryption for managed client

    Yves Hamel
    Yves Hamel Mar 30, 2016 2:34 PM

      Hi,

       

      In the latest release (12.1.0.2.4 )of the oracle managed data access client, from the specs, the network data encryption  works only if the databse resides on a Windows server. Is there a workaround for this if my database is on a different platform?

      I need to use the AES-256 encryption algorithm.

      Are you planning to add in a future release some kind of api to the managed data access client  to get it able to use any encryption algorithm on any platform?

       

      Thanks very much for your help,

      • 1600 Views
      • Tags:
        • 1. Re: Network data encryption for managed client
          Alex Keh - Product Manager-Oracle
          Alex Keh - Product Manager-Oracle Mar 30, 2016 9:43 PM (in response to Yves Hamel)

          Network data encryption works between managed ODP.NET and non-Windows DB servers. The confusion in the doc is likely due to the discussion of NTS authentication adapter next to the encryption section without a clear indicator that the subject matter changed. That doc issue will be fixed in the next revision.

          • 2. Re: Network data encryption for managed client
            Yves Hamel
            Yves Hamel Mar 31, 2016 3:18 PM (in response to Alex Keh - Product Manager-Oracle)

            Thanks Alex for your quick answer. However it doesn't seem to work in my environment cause as soon as I toggle on encryption on the server (AIX) then I'm having error ORA-12537: Network Session: End of file from my web api application. Here is what I have in my web.config client application :

             

              <oracle.manageddataaccess.client>

                <version number="*">

                  <dataSources>

                    <dataSource alias="TheDataSource" descriptor=" (DESCRIPTION = (ADDRESS = (PROTOCOL = TCP)(HOST = serverName)(PORT = 1551))(CONNECT_DATA = (SERVICE_NAME = serviceName))) " />

                  </dataSources>

                  <settings>

                    <setting name="SQLNET.ENCRYPTION_CLIENT" value="ACCEPTED"/>

                    <setting name="SQLNET.ENCRYPTION_TYPES_CLIENT" value="AES256"/>

                  </settings>

                </version>

              </oracle.manageddataaccess.client>

              <connectionStrings>

                <add name="IvrDbContext" connectionString="DATA SOURCE=TheDataSource;PASSWORD=whatever;PERSIST SECURITY INFO=True;USER ID=whatever" providerName="Oracle.ManagedDataAccess.Client" />

              </connectionStrings>

             

            On the server side, my db admin added those lines :

             

            SQLNET.ENCRYPTION_SERVER=REQUIRED

            SQLNET.ENCRYPTION_TYPES_SERVER=(AES256)

            SQLNET.CRYPTO_CHECKSUM_SERVER=REQUIRED

            SQLNET.CRYPTO_CHECKSUM_TYPES_SERVER=(MD5)

             

            Am I missing anything ?


            Thanks,

            Yves

            • 3. Re: Network data encryption for managed client
              Alex Keh - Product Manager-Oracle
              Alex Keh - Product Manager-Oracle Mar 31, 2016 4:43 PM (in response to Yves Hamel)

              Turn "off" checksumming on the server side and try to connect again. That is likely causing the problem. Checksumming is not supported until the upcoming April managed ODP.NET patch release. At that point, you will be able to use checksumming with managed ODP.NET.

              1 person found this helpful
              • 4. Re: Network data encryption for managed client
                Yves Hamel
                Yves Hamel Mar 31, 2016 6:25 PM (in response to Alex Keh - Product Manager-Oracle)

                That works fine. Thanks for your valuable help.

                 

                Yves