Manualshelf

Corporation Network Router User Manual

ManualsBrandsOracle ManualsNetwork RouterOracle Database B10772-01
191192193194195196197198199200
Enabling SSL
7-30 Oracle Database Advanced Security Administrator's Guide
4.
Use the up and down arrows to prioritize the cipher suites.
5. Choose File > Save Network Configuration.
The sqlnet.ora file is updated with the following entry:
SSL_CIPHER_SUITES= (SSL_cipher_suite1 [,SSL_cipher_suite2])
Step 5: Set the Required SSL Version on the Client (Optional)
You can set the SSL_VERSION parameter in the sqlnet.ora file. This parameter
defines the version of SSL that must run on the systems with which the client
communicates. You can require these systems to use any valid version. The default
setting for this parameter in sqlnet.ora is undetermined, which is set by
selecting Any from the list in the SSL tab of the Oracle Advanced Security window.
When Any is selected, TLS 1.0 is tried first, then SSL 3.0 and SSL 2.0 are tried in that
order. Ensure that the client SSL version is compatible with the version the server
uses.
To set the required SSL version for the client:
1. Navigate to the SSL tab of the Oracle Advanced Security window in Oracle Net
Manager, and select Configure SSL for: Client. (See Figure 7–5).
2. In the Require SSL Version list, the default setting is Any. Accept this default
or select the SSL version you want to configure.
3. Choose File > Save Network Configuration.
The sqlnet.ora file is updated. If you selected Any, then it is updated with
the following entry:
SSL_VERSION=UNDETERMINED
Step 6: Set SSL as an Authentication Service on the Client (Optional)
The SQLNET.AUTHENTICATION_SERVICES parameter in the sqlnet.ora file
sets the SSL authentication service. Typically, the sqlnet.ora file is located in the
same directory as the other network configuration files. Depending on your
platform, the sqlnet.ora file is in the following directory location:
(UNIX) ORACLE_HOME/network/admin
(Windows) ORACLE_BASE\ORACLE_HOME\network\admin\
Set the SQLNET.AUTHENTICATION_SERVICES parameter if you want to use SSL
authentication in conjunction with another authentication method supported by