TimesTenClassicSpecSpecClientTLS

TimesTenClassicSpecSpecClientTLS appears in TimesTenClassicSpecSpec.

The following table describes the syntax for TimesTenClassicSpecSpecClientTLS.

Table 20-4 TimeTenClassicSpecSpecClientTLS

Field Type Earliest Schema Version Supported In Description

auto

boolean

v4

Determines if the TimesTen Operator automatically creates self-signed certificates and configures TimesTen to use those certificates for client/server encryption.

Valid values are the following:

  • true: The TimesTen Operator automatically creates and configures self-signed certificates for client/server encryption.

  • false (default): The TimesTen does not automatically create and configure self-signed certificates for client/server encryption.

If you do not specify the auto datum, and any other field is specified in the .spec.ttspec.clientTLS clause, the default value for the auto datum is false.

ciphersuites

string

v4

Defines the cipher suite(s) used for client/server communication.

You can specify one or more cipher suites. Specify the desired cipher suites, comma-separated, and in order of preference.

The supported cipher suites are as follows:

  • SSL_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256

  • SSL_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384

  • SSL_RSA_WITH_AES_128_CBC_SHA256

The TimesTen Operator first checks to see if there is a ciphersuites entry in the db.ini file.

  • If there is an entry, the TimesTen Operator uses it.

  • If there is no entry, the TimesTen Operator uses the value specified in this datum.

  • If .spec.ttspec.clientTLS.auto is true, and there is no value specified in either the db.ini file or in this datum, the TimesTen Operator sets the value to SSL_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256.

The TimesTen Operator adds the ciphersuites value to the TimesTen Server's sys.odbc.ini file.

See Configuration for TLS for Client/Server in the Oracle TimesTen In-Memory Database Security Guide.

eccurve

string

v4

Defines the size of the elliptical curve.

The supported values are as follows:

  • p256

  • p384 (default)

  • p521

See the -eccurve option of the TimesTen ttCreateCerts utility in the Oracle TimesTen In-Memory Database Reference.

encryption

string

v4

Defines the encryption setting for client/server access.

The supported values are as follows:

  • accepted

  • rejected

  • requested

  • required

The TimesTen Operator first checks to see if there is an encryption entry in the db.ini file.

  • If there is an entry, the TimesTen Operator uses it.

  • If there is no entry, the TimesTen Operator uses the value specified in this datum.

  • If .spec.ttspec.clientTLS.auto is true, and there is no value specified in either the db.ini file or in this datum, the TimesTen Operator sets the value to accepted.

The TimesTen Operator adds the encryption value to the TimesTen Server's sys.odbc.ini file.

See Configuration for TLS for Client/Server in the Oracle TimesTen In-Memory Database Security Guide.

signAlg

string

v4

Defines the elliptical curve signing algorithm.

The supported values are as follows:

  • ecdsasha256

  • ecdsasha384 (default)

  • ecdsasha512

See the -sign_alg option of the TimesTen ttCreateCerts utility in the Oracle TimesTen In-Memory Database Reference.

validity

integer

v4

Defines the number of days the created certificate is valid.

The minimum is 30 and the maximum is 9999.

The default is 3650.

See the -validity option of the TimesTen ttCreateCerts utility in the Oracle TimesTen In-Memory Database Reference.