TimesTenClassicSpecSpecCustomClientTLS

TimesTenClassicSpecSpecCustomClientTLS appears in TimesTenClassicSpecSpec.

The following table describes the syntax for TimesTenClassicSpecSpecCustomClientTLS.

Table 18-5 TimeTenClassicSpecSpecCustomClientTLS

Field Type Earliest Schema Version Supported In Description

ciphersuites

string

v5

Defines the cipher suite(s) used for client/server communication.

You can specify one or more cipher suites. Specify the desired cipher suites, comma-separated, and in order of preference.

The supported cipher suites are as follows:

  • SSL_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256

  • SSL_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384

  • SSL_RSA_WITH_AES_128_CBC_SHA256

  • TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256

  • TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256

  • TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384

  • TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384

  • TLS_RSA_WITH_AES_128_CBC_SHA256

  • TLS_RSA_WITH_AES_128_GCM_SHA256

  • TLS_RSA_WITH_AES_256_CBC_SHA256

  • TLS_RSA_WITH_AES_256_GCM_SHA384

The TimesTen Operator first checks to see if there is a ciphersuites entry in the db.ini file.

  • If there is an entry, the TimesTen Operator uses it.

  • If there is no entry, the TimesTen Operator uses the value specified in this datum.

  • If there is no value specified in either the db.ini file or in this datum, the TimesTen Operator sets the value to SSL_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 for ECDSA keys.

The TimesTen Operator adds the ciphersuites value to the TimesTen Server's sys.odbc.ini file.

See Configuration for TLS for Client/Server in the Oracle TimesTen In-Memory Database Security Guide.

encryption

string

v5

Defines the encryption setting for client/server access.

The supported values are as follows:

  • accepted

  • rejected

  • requested

  • required

The TimesTen Operator first checks to see if there is an encryption entry in the db.ini file.

  • If there is an entry, the TimesTen Operator uses it.

  • If there is no entry, the TimesTen Operator uses the value specified in this datum.

  • If there is no value specified in either the db.ini file or in this datum, the TimesTen Operator sets the value to accepted.

The TimesTen Operator adds the encryption value to the TimesTen Server's sys.odbc.ini file.

See Configuration for TLS for Client/Server in the Oracle TimesTen In-Memory Database Security Guide.

gracePeriod

integer

v5

Defines the amount of time (expressed in hours) that the Operator waits to finish the rotation of certificates. When the grace period is reached, the TimesTen Operator completes the rotation by automatically deleting old certificates and continuing with the most recent.

Note:

  • Minimum value is 0, indicating there is no grace period.

  • Maximum value is 96.

  • The default value is 24.

serverCert

string

v5

Defines a secret containing a PKCS#12 (PFX) file with the full chain of the server certificate.