Transport Layer Security and Secure Sockets Layer
Netscape Communications Corporation designed Transport Layer Security (TLS), previously called Secure Sockets Layer (SSL), to secure network connections.
-
The Difference Between Transport Layer Security and Secure Sockets Layer
Transport Layer Security (TLS) is an incremental version of Secure Sockets Layer (SSL) version 3.0. -
Using Transport Layer Security in a Multitenant Environment
Transport Layer Security (TLS) can be used in a multitenant environment for application containers.
The Difference Between Transport Layer Security and Secure Sockets Layer
Transport Layer Security (TLS) is an incremental version of Secure Sockets Layer (SSL) version 3.0.
Although SSL was primarily developed by Netscape Communications Corporation, the Internet Engineering Task Force (IETF) took over development of it, and renamed it Transport Layer Security (TLS). TLS is an IETF standard.
Oracle Database Security Guide uses the terms Transport Layer Security and TLS instead of Secure Sockets Layer and SSL since the Oracle Database has implemented TLS. However, other documentation in the Oracle Database library may still use the earlier terms Secure Socket Layer and SSL. Where distinctions occur between how you use or configure these protocols, Oracle Database Security Guide specifies what is appropriate for either SSL or TLS.
The Oracle Database software still uses some of the older terminology. For example, the netmgr tool still uses the terms Secure Socket Layer and SSL. Many SSL parameters, such as SSL_SERVER_CERT_DN, use the older terminology. The names of cipher suites and the wording in error messages also use the SSL terminology. However, all these features work with and apply to Transport Layer Security.
Using Transport Layer Security in a Multitenant Environment
Transport Layer Security (TLS) can be used in a multitenant environment for application containers.
If you want to use Transport Layer Security (TLS) in a multitenant environment for an application container, then you must ensure that each PDB is able to use its own wallet with its own certificates for TLS authentication.
-
Connect to the PDB that uses the wallet.
-
Place the wallet in a subdirectory of the
walletdirectory where the name of the subdirectory is the GUID of the PDB that uses the wallet.You must do this because there is no individual
sqlnet.orafile for each PDB. For example, suppose theWALLET_LOCATIONparameter insqlnet.orais set as follows:(SOURCE=(METHOD=FILE)(METHOD_DATA= (DIRECTORY=/home/oracle/wallet)))Place each PDB’s wallet in the
/home/oracle/wallet/PDB_GUIDdirectory. You can find the existing PDBs and their GUIDs by querying theDBA_PDBSdata dictionary view.If the
WALLET_LOCATIONparameter is not specified, then you must place the PDB wallet in a leaf subdirectory of the default wallet path where the name of the subdirectory is the GUID of the PDB, and the name of the leaf subdirectory isTLS. For example:$ORACLE_BASE/admin/db_unique_name/PDB_GUID/TLSOr if the
ORACLE_BASEenvironment variable is not set, then you can use the Oracle home:$ORACLE_HOME/admin/db_unique_name/PDB_GUID/TLSThese default locations correspond to the default that is used by Oracle Enterprise User Security to locate wallets for authentication to LDAP.
To enable the PDB to use separate certificates, create a subdirectory under the
$WALLET_LOCATION/PDB_GUID/TLSdirectory, and then copy the wallets to this subdirectory. -
Close and then reopen PDB.
ALTER PLUGGABLE DATABASE pdb_name CLOSE IMMEDIATE; ALTER PLUGGABLE DATABASE pdb_name OPEN;