![]() ![]() So, for Workflow Builder 2.6.3.5, here is what we have found to work for the client-side sqlnet.ora: # So, for the Workflow Builder client, you are limited to the much older RC4_* encryption algorithms. Unfortunately, the even though the client *says* it can handle AES256 (and others), it actually can’t. Based on that, the server will choose the strongest encryption from the ones common to both client and server. Basically, it is allowing the negotiation to take place “normally”. ![]() Now, in the case of Workflow Builder 2.6.3.5 (which installs with a 10.1.0.2 client), it appears that the client is negotiating “in bad faith”. SQLNET.ENCRYPTION_TYPES_CLIENT=(AES256,AES192,3DES112,3DES168)Īgain, the ENCRYPTION_TYPES_CLIENT, this is a list of the algorithms that the client “can speak”. On the client, you would have similar parameters in the sqlnet.ora file (well, you don’t really need them because in many cases things will auto-negotiate based on defaults): # The server will negotiate the strongest encryption algorithm with the client. In the case of the “ENCRYPTION_TYPES_SERVER”, this is a list of encryption algorithms that the server will accept. With ANO, you specify params like this in the sqlnet.ora file: # Do we create one non-production environment entirely behind the firewall for the developers to use that doesn’t have the encryption turned on? What about making them ssh to the box directly and use WFLOAD?įinally, after a couple of months of back-and-forth with the support analysts, plenty of “level 16” traces, and a couple of debates, support was able to supply a solution. ![]() As time drug on, we started talking about other options. Since we have an external “DMZ” appsTier node, that meant that we had to turn on this SQL*Net encryption. The mandate from our internal security team was that all outside traffic had to be encrypted. Here, despite a number of attempts at playing with the sqlnet.ora settings, we were consistantly getting the “ORA-12599 TNS:cryptographic checksum mismatch” error. The only significant problem we encountered was with the Windows-based Workflow Builder 2.6.3.5 client. E-Business Suite was able to connect just fine, even our developers were connecting through TOAD. In particular, Section 10 of that document.Įverything was working well. To do this, we’re following note 376700.1 “Enabling SSL in Oracle E-Business Suite Release 12”. Basically, they’re turning on the SQL*Net encryption features of Oracle Advanced Networking Option in their R12.1.3/11.2.0.3 environments. This is a strange problem that we encountered at one of my clients recently. ![]()
0 Comments
Leave a Reply. |