• Use the -S option of the ISL command to specify which port of the IIOP Listener/Handler will listen for secure connections using the SSL protocol. You can configure the IIOP Listener/Handler to allow only SSL connections by setting the -S option and -n option of the ISL command to the same value.
• If you are using a remote CORBA C++ ORB, use the -ORBsecurePort command-line option on the ORB to specify which port of the ORB will listen for secure connections using the SSL protocol. You should set this command-line option when using callback objects or the CORBA Notification Service.Defining a secure port for SSL network connections requires the license for the SSL protocol to be installed. If the -S option or the -ORBsecurePort command-line option is executed and a license to enable the use of the SSL protocol does not exist, the IIOP Listener/Handler or CORBA C++ ORB will not start.
• In the IIOP Listener/Handler, specify the -v option of the ISL command.
• In the CORBA C++ ORB, specify the –ORBpeerValidate command-line option.
• none—no host matching is performed.
• detect—if the object reference used to make the SSL connection does not match the host name in the target’s digital certificate, the IIOP Listener/Handler or the ORB does not authenticate the target and drops the SSL connection. The detect value is the default value.
• warn—if the object reference used to make the SSL connection does not match the host name in the target’s digital certificate, the IIOP Listener/Handler or the ORB sends a message to the user log and continues processing.If there is more than one IIOP Listener/Handler in an Oracle Tuxedo domain configured for SSL connections (for example, in the case of fault tolerance), Oracle recommends using DNS alias names for the IIOP Listener/Handlers or creating different digital certificates for each IIOP Listener/Handler. The –H switch on the IIOP Listener can be used to specify the DNS alias name so that object references will be created correctly.
• Use the -z and -Z options of the ISL command to set the encryption strength in the IIOP Listener/Handler.
• Use the -ORBminCrypto and -ORBmaxCrypto command-line option on the ORB to set the encryption strength in the CORBA C++ ORB.The -z option and the -ORBminCrypto command-line option set the minimum level of encryption used when an application establishes an SSL connection with the IIOP Listener/Handler or the CORBA C++ ORB. The valid values are 0, 40, 56, and 128. A value of 0 means the data is signed but not sealed while 40, 56, and 128 specify the length (in bits) of the encryption key. If this minimum level of encryption is not met, the SSL connection fails. The default is 40.The -Z option and the -ORBmaxCrypto command-line option set the maximum level of encryption used when an application establishes an SSL connection with the IIOP Listener/Handler or the CORBA C++ ORB. The valid values are 0, 40, 56, and 128. Zero means that data is signed but not sealed while 40, 56, and 128 specify the length (in bits) of the encryption key. The default minimum value is 40. The default maximum value is whatever capability is specified by the license.The –z or –Z options and the -ORBminCrypto and -ORBmaxCrypto command-line options are available only if the license for the SSL protocol is installed.Table 6‑1 lists combinations of encryption values and describes the encryption behavior.
Table 6‑1 Combinations of Encryption Values If the use of the SSL protocol is specified by some other command-line option or system property but no values are specified for ORBminCrypto and ORBmaxCrypto, these command-line options or system properties are assigned their default values. Privacy protection can be negotiated to the value specified by the -Z option as long as it is less than the maximum allowed by the SSL license. The -z option defaults to 40. Privacy protection can be negotiated between the values specified by the -z option up to the value specified by the -Z option as long as the values are less than the maximum allowed by the SSL license.
Note: In all combinations listed in Table 6‑1, the value of the SSL license controls the maximum bit strength. If a bit strength is specified beyond the maximum licensed value, the IIOP Listener/Handler or ORB will not start and an error will be generated indicating the bit strength setting is invalid. Stopping the IIOP Listener/Handler or ORB from starting, instead of lowering the maximum value and giving only a warning, protects against an incorrectly configured application running with less protection than was expected.For a list of cipher suites supported by the CORBA security environment, see “Supported Cipher Suites” on page 2‑10.Use the -R option of the ISL command to control the time between session renegotiations. Periodic renegotiation of an SSL session refreshes the symmetric keys used to encrypt and decrypt information which limits the time a symmetric key is exposed. You can keep long-term SSL connections more secure by periodically changing the symmetric keys used for encryption.The –R option specifies the renegotiation interval in minutes. If an SSL connection does renegotiate within the specified interval, the IIOP Listener/Handler will request the application to renegotiate the SSL session for inbound connections or actually perform the renegotiation in the case of outbound connections. The default is 0 minutes which results in no periodic session renegotiations.You cannot use session renegotiation when enabling certificate authentication using the -a option of the ISL command.Specifies the location of the private key file. For example, $TUXDIR/udataobj/security/keys/milozzi.pem.Specifies an environment variable that holds the pass phrase for the private key of the IIOP Listener/Handler when the tmloadcf command is not run interactively. Otherwise, you will be prompted for the pass phrase when you enter the tmloadcf command.ISH.28014: LIBPLUGIN_CAT:2008:ERROR:No such file or directory SEC_PRINCIPAL_LOCATION
ISH.28014:ISNAT_CAT:1552:ERROR:Could not open private key, erro =-3011
ISH.28104:ISNAT_CAT:1544:ERROR:Could not perform SSL accept from host/port//IPADDRESS:PORTThese parameters are included in the part of the SERVERS section of the UBBCONFIG file that defines the ISL system process.You also need to use the tpusradd command to define the IIOP Listener/Handler as an authorized user in the Oracle Tuxedo domain. You will be prompted for a password for the IIOP Listener/Handler. Enter the pass phrase you defined for SEC_PRINCIPAL_PASSVAR.During initialization, the IIOP Listener/Handler includes its principal name as defined by SEC_PRINCIPAL_NAME as an argument when calling the authentication plug-in to acquire its credentials. An IIOP Listener/Handler requires credentials so that it can authenticate remote client applications that want to interact with the CORBA application, and get authorization and auditing tokens for remote client applications.Because the IIOP Listener/Handler must authenticate its own identity to the Oracle Tuxedo domain in order to become a trusted system process, it is necessary to configure an authentication server when using the default authentication plug-in. See “Configuring the Authentication Server” on page 7‑2 for more information.You set parameters for the SSL protocol in the portion of the SERVERS section of the UBBCONFIG that defines information for the ISL server process. Listing 6‑1 includes code from a UBBCONFIG file that set parameters to configure the IIOP Listener/Handler for the SSL protocol and certificate authentication.Listing 6‑1 Using the ISL Command in the UBBCONFIG File...
ISL
SRVGRP = SYS_GRP
SRVID = 5
CLOPT = “-A -- -a -z40 -Z128 -S3579 -n //ICEPICK:2569
SEC_PRINCIPAL_NAME=”BLOTTO”
SEC_PRINCIPAL_LOCATION=”BLOTTO.pem”
SEC_PRINCIPAL_VAR=”AUDIT_PASS”Listing 6‑2 contains sample code that illustrates using the command-line options on the CORBA C++ ORB to configure the ORB for the SSL protocol.