The SSL tab enables you to modify Secure Sockets Layer (SSL) settings. SSL is an industry standard protocol for securing network communications. SSL provides for authentication, encryption, and data integrity. Use SSL to secure communications between any client and any server. Specifically, you can use SSL to authenticate any client or server to one or more Oracle servers or an Oracle server to any client.
Configure SSL for Client
Select to modify settings for the client.
Configure SSL for Server
Select to modify settings for the server. The settings you need to configure for the server are similar to those you set for the client. There is one additional parameter: a check box titled: Require Client Authentication.
Wallet Configuration
A wallet is a construct that contains certificates, keys and trust points. Select one of the four configuration methods described in the table. If the method chosen is File System or Entrust Wallets, Browse to search for a wallet in your file system.
Wallet Configuration Method |
Access Method |
File system |
Directory path |
Microsoft certificate |
None |
Microsoft registry |
Registry key |
Entrust wallets |
Directory path |
Cipher Suite Configuration
Several SSL cipher suites have been installed by default. These default cipher suites will be overwritten if you add one or more manually.
Add button |
Choose to invoke the "Select a Cipher
Suite to enable" dialog box. In the "Select a Cipher Suite to
enable" dialog box, select a suite, and then choose OK.
The cipher suite is added to the list box. |
Remove button |
Choose to remove a selected Cipher Suite. |
Promote button |
Choose to move a selected Cipher Suite to a higher level in the list. |
Demote button |
Choose to move a selected Cipher Suite to a lower level in the list. |
Require SSL Version (optional)
From the list, select the version of SSL. The client and the server must use a compatible versions of SSL. You can select SSL v3.0 or choose to allow any existing or future version of SSL to be used.
Require Client Authentication (Server only)
This check box is selected by default. Deselect this check box if you do not want to require client-side authentication.
Match server X.509 name (Client only)
From the list, select whether or not check to see if the server's distinguished name (DN) matches its service name.
Yes |
Select to check the server DN. If the DN matches the service name, the connection succeeds. If the DN does not match the service name, the connection is successful, but an error is logged in the sqlnet.log file.. |
No |
Select to not check the server DN. Note: Ignoring this check can enable the server to fake its identity. |
Default by Version |
Select to |