JDBC Adapter connection over SSL

rvasisht · December 9, 2008, 11:24pm

Hello - We have an application whose security requirement is that all traffic must be over SSL. I have been able to confiugure SSL communication to MQ Series but not to Oracle. Is this even possible with the most current JDBC Adapter 6.5? If so, can you point me to some documentation?

I opened an SR with webMethods and they do not know of any documentation. But I am sure it’s possible. Back in 2003, we configured an Oracle PL/SQL stored procedure to invoke wM over an HTTPS wM port. If I recall, we added wM’s public cert in Oracle’s “wallet” and the PL/SQL developer used Oracle’s HTTPS package.

Of course, now we’re going in reverse (from wM to Oracle) and securing the whole adapter connection; so it’s not apples to apples. Here’s our configuration:

wM IS 7.1.2 on Solaris 10 (5.10)
Oracle 10gR2 (10.2.0.4) RAC

Thanks!
Rajesh

reamon · December 10, 2008, 12:08am

Check out this whitepaper from Oracle.

[URL]http://www.oracle.com/technology/tech/java/sqlj_jdbc/pdf/wp-oracle-jdbc_thin_ssl.pdf[/URL]

It looks like it’s a configuration of the driver more than it is a config of the JDBC adapter/connection.

fhouse · July 10, 2009, 3:06am

Rajesh-

Were you able to enable SSL with the JDBC Adapter 6.5? If so can you please summarize the changes that were required?

Based on your requirement that all traffic be over SSL, how did you deal with the internal webMethods pools? They rely on the DataDirect Connect JDBC Driver v3.6 packaged with webMethods and per the DataDirect documentation SSL is not supported.

Thanks,
Fred

rvasisht · October 1, 2009, 12:42am

Hi Fred - We’re implementing Oracle.Net encryption. While this isn’t SSL per se, I believe it does encrypt the data across the wire. Implementing oracle.net encryption requires some settings on the Oracle side. On the wM side, I added the following parameters:

For JDBC Adapter connections, I added these parms in otherProperties: oracle.net.encryption_client=requested; oracle.net.encryption_types_client=RC4_256; oracle.net.crypto_checksum_client=requested; oracle.net.crypto_checksum_types_client=MD5;

For wM internal db connection, I added similar string to the Database URL:
oracle.net.encryption_client=requested;oracle.net.encryption_types_client=RC4_256;oracle.net.crypto_checksum_client=requested;oracle.net.crypto_checksum_types_client=MD5

Hope that helps.

rvasisht · October 1, 2009, 1:12am

Oh, and by the way, we did some packet sniffing over the network and did verify that data was encrypted over the wire.

sambasiva.dadi · March 18, 2011, 1:57am

Hello Rajesh,
This is petty late post on your thread.

I have similar requirement on AS400 connection using AS400JDBC DataSource.
Do you have inputs which params we need to use in Other Parameters?

I have made changes as mentioned below in oracle connection and it seems its working fine, but how can i do the packet sniffing over my network to confirm data was encrypt while transmitting over JDBC connection.

Thanks,
Siva

rvasisht · May 27, 2011, 7:44pm

Hi Siva - We had to engage our network guys to install the packet sniffing software on both the Oracle and wM servers. I can’t recall anymore what that software was called.

Holger_von_Thomsen · September 19, 2011, 3:55pm

For the DataDirect-Driver for wM please update it to at least 3.7 or much more better 4.x.

7.1.3 and above are already supporting DataDirect 4.2. Check for the appropriate SharedComponent-Fixes available from Empower.

system · October 13, 2011, 10:05am

I believe you need the advanced security pack from Oracle to enable it on the Oracle side don’t you?

There’s a statement from SoftwareAG about encrypted JDBC on their website somewhere… It was one of those demosI think.

nittala · September 13, 2012, 2:24am

Hi

We have a similar requirement in IS 8.0.1 to use encryption to connect to Oracle (11.2.0.2.). Using ojdbc14 we couldn’t establish the connectivity. We upgraded the new jar file ojdbc6 and it worked for JDBC Adapter connection. But we are unable to connect to the same database for MWS. Can anyone please let me know if Data Direct for Oracle JDBC supports the below configuration

The configuration that worked for us after upgrading to ojdbc6 in IS
url=jdbc:oracle:thin:@(DESCRIPTION=(LOAD_BALANCE=on)(ADDRESS=(PROTOCOL=TCP)(HOST=XXXX)(PORT=1521))(CONNECT_DATA=(SERVICE_NAME=XXXX)(FAILOVER_MODE =(TYPE = SELECT)(METHOD = BASIC)(RETRIES = 180)(DELAY = 5))(SQLNET.ENCRYPTION_CLIENT=REQUESTED)(SQLNET.ENCRYPTION_TYPES_CLIENT=AES256)))

Oracle server side setting is mentioned below:
SQLNET.ENCRYPTION_SERVER = REQUIRED
SQLNET.ENCRYPTION_TYPES_SERVER = (AES256)

Setting that is not working when configuring in JDBC Pools:
jdbc:wm:oracle://:1521;ServiceName=;SQLNET.ENCRYPTION_CLIENT=REQUIRED;SQLNET.ENCRYPTION_TYPES_CLIENT=AES256

Minhaj_Mohamed · July 30, 2014, 5:05am

Hi,

Information in this thread is very useful. thank you all for your contribution. we have a situation
here where in we user AS/400 Adapter to communicate with one of the back end system.

we have a request from Security team to encryt the As400/adapter connection credential to the back end
while transporting. i do see here the details to peform the same for JDBC Connection with Oracle DB.
however any help on AS/400 Adatper would be very helpful.

Thanks

MM

rmg · July 30, 2014, 3:20pm

I don’t think it’s possible with AS/400 Adapter for encryption…can you try contact SAG support also and take advise for alternatives?

HTH,
RMG

Rajesh_Vasisht · August 5, 2014, 11:26pm

Hi MM - This is all JDBC protocol, so if the AS400 backend supports JDBC, you can probably insert the SSL piece into the connection string. I haven’t done it myself, but am thinking this link might help: