CipherSuites
The CipherSuites client connection attribute contains one
or more cipher suites used to configure Transport Layer Security (TLS) client/server
encryption.
TimesTen Release 26.1 supports TLS protocol version 1.3 and 1.2. While TLS 1.3 is more secure, faster, and efficient than TLS 1.2, TimesTen supports TLS 1.2 cipher suites for clients using older versions of TimesTen. A cipher suite is a set of authentication, encryption, and data integrity algorithms used for exchanging messages between network entities. In this case, the network entities are the TimesTen Client and the TimesTen Server.
You can specify one or more cipher suites for the TimesTen
client-specific CipherSuites connection attribute and for the
TimesTen server-specific CipherSuites connection attribute. If you
specify more than one cipher suite for the connection attribute, ensure to separate
each by a comma. TimesTen recommends that you list the cipher suites from strongest
to weakest. Ensure that the client and the server have at least one common cipher
suite. Cipher suite negotiation works as follows:
- If both client and server list at least one TLS 1.3 cipher suite,
TLS 1.3 is negotiated and TLS 1.2 cipher suites are ignored. When TLS 1.3 is
negotiated, the client and server select the first TLS 1.3 cipher suite that
appears in both
CipherSuiteslists. The order of cipher suites in the client’sCipherSuiteslist determines the selection. - If no mutually configured TLS 1.3 cipher suite exists, TimesTen falls back to TLS 1.2 cipher suites.. When TLS 1.2 is negotiated, the client proposes its ordered list of TLS 1.2 cipher suites. The server selects the first cipher suite from the client’s list that is also configured on the server.
If the server and client cannot agree on a common cipher suite, the secure connection fails.
See Secure Network Communication in TimesTen in Oracle TimesTen In-Memory Database Security Guide for more details:
Required Privilege
No privilege is required to change the value of this attribute.
Setting
Set CipherSuites as follows:
| Where to set the attribute | How the attribute is represented | Setting |
|---|---|---|
C or Java programs or UNIX and Linux
systems odbc.ini file in TimesTen for encrypted
communication between clients and the server.
|
CipherSuites |
Specify one or more TLS version 1.3 or 1.2 cipher suites in a comma-separated list from strongest to weakest. See Cipher Suites in TimesTen in Oracle TimesTen In-Memory Database Security Guide for the full list of supported cipher suites for TimesTen. |
|
Windows ODBC Data Source Administrator |
CipherSuites field on the Oracle TimesTen Client DSN Setup dialog. |
Specify one or more TLS version 1.3 or 1.2 cipher suites in a comma-separated list from strongest to weakest. See Cipher Suites in TimesTen in Oracle TimesTen In-Memory Database Security Guide to learn more about the supported cipher suites and how TimesTen negotiates cipher suite selection. |