Oracle documentation bug SSL Version 1.2

There is a documentation bug already opened for this, so the docs should be updated soon.

FlagQuoteOff Topic1Like

Applies To

All Users

Summary

This document provides the steps needed to disable use of SSLv3 for Oracle database clients and servers to address the POODLE vulnerability in SSL as described by CVE-2014-3566.

Please refer to the following document:

SSL V3.0 "Poodle" Vulnerability - CVE-2014-3566 http://www.oracle.com/technetwork/topics/security/poodlecve-2014-3566-2339408.html

This document is intended for all levels of expertise.

Solution

Oracle database clients and services can be configured to disallow use of SSLv3 via the SSL_VERSION parameter in sqlnet.ora and listener.ora. To do so, update any sqlnet.ora and listener.ora configuration files used by database clients or servers that enable SSL to include an SSL_VERSION parameter that excludes the value "3.0". For example, the setting below will enforce the use of TLS 1.0 and disallow any other SSL versions including SSLv3:

SSL_VERSION=1.0

References:

Oracle Database Advanced Security Administrator's Guide (10g Release 2)

Oracle Database Security Guide (12c Release 1)

See the following link: http://docs.oracle.com/database/121/NETRF/sqlnet.htm#NETRF235

Compatibility Reference:

11.1.0.7 SSLv3, Upgradeable to TLSv1.0 with <BUG 6973000> UTL_HTTP DOES NOT SUPPORT TRANSPORT LAYER SECURITY VERSION 1

11.2.0.4 TLSv1.0, SSLv3, SSLv2

12c TLSv1.1, TLSv1.2

SSL_VERSION

Purpose

To force the version of the SSL connection.

Usage Notes

Clients and database servers must use a compatible version.

Default

undetermined

Values

复制代码
undetermined | 2.0 | 3.0

Example

复制代码
SSL_VERSION=2.0
相关推荐
乖巧的妹子15 小时前
SQL知识点
数据库·sql·oracle
Zww089116 小时前
erp系统常见优化点
数据库·oracle
—Miss. Z—19 小时前
计算机二级MySQL——基本操作题
数据库·mysql·oracle
G.O.G.O.G1 天前
《LeetCode SQL 从入门到进阶(MySQL)》06(下)
数据库·sql·oracle
名字还没想好☜2 天前
用 pytest fixture 组织可维护的测试:告别一堆重复的 setUp
数据库·python·oracle·pytest·测试
Leon-Ning Liu2 天前
【真实经验分享】Oracle RAC 修改 db_file_name_convert / log_file_name_convert 参数实践
数据库·oracle
Leon-Ning Liu2 天前
【真实经验分享】Oracle RAC + ASM 下 db_recovery_file_dest 路径格式导致 ORA-01261 无法 NOMOUNT
数据库·oracle
踏月的造梦星球3 天前
DMHS同步原理与DM8到DM8基础搭建
数据库·oracle
微三云 - 廖会灵 (私域系统开发)3 天前
电商系统监控告警体系从0到1:Prometheus+Grafana+AlertManager的全链路可观测性实践
oracle·grafana·prometheus
G.O.G.O.G3 天前
LeetCode SQL 从入门到精通(MySQL)05(下)
数据库·sql·oracle