Overview of TLS in TimesTen
TLS is an industry-standard protocol used to secure network connections. In TimesTen, TLS helps ensure that:
- Clients and servers can verify each other’s identities
- Data exchanged over the network is encrypted
- Tampering or modifications to data in transit are detected
TLS uses digital certificates that are based on public key infrastructure (PKI) to support trusted authentication between systems. Certificates and the cryptographic keys they contain are stored in Oracle Wallets, which are secure containers that TimesTen components use when initiating or accepting TLS connections.
When a TimesTen client connects to a TimesTen server (or when replication agents communicate), the following occurs:
- Access Oracle Wallets. Each TimesTen component (client, server, or replication agent) reads its Oracle Wallet, which contains TLS certificates.
- Verify identity. The server presents its certificate to the client. The client uses a trusted root certificate to verify that the server’s certificate is valid and that the server is authentic. If required, the server can also verify the client’s authenticity with the SSLClientAuthentication=1 connection attribute setting.
- Perform a TLS handshake and establish session. TLS negotiates cryptographic parameters and establishes a secure session.
- Encrypt communication. Once the session is established, all data exchanged over the network is encrypted and integrity protected.
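
The following added example (not part of the TimesTen documentation or product) audits server DSN definitions for gaps in the steps above: a missing wallet, TLS that is not enforced, and client verification left off. Only SSLClientAuthentication appears on this page; the Wallet and Encryption attribute names and the meaning of Encryption=required are assumptions about TimesTen client/server configuration, and the DSN names and paths are constructed.

```python
import configparser

# Constructed server-side sys.odbc.ini fragment; DSN names and paths are made up.
SAMPLE_INI = """
[payments]
DataStore=/disk1/tt/payments
Wallet=/disk1/tt/wallets/server
Encryption=required
SSLClientAuthentication=1

[reporting]
DataStore=/disk1/tt/reporting
Wallet=/disk1/tt/wallets/server
Encryption=accepted

[legacy]
DataStore=/disk1/tt/legacy
SSLClientAuthentication=1
"""

def audit_dsns(ini_text, require_client_auth=True):
    """Return {dsn: [finding codes]} for DSNs whose TLS settings leave a gap."""
    parser = configparser.ConfigParser(interpolation=None)
    parser.read_string(ini_text)  # option names are lower-cased by configparser
    report = {}
    for dsn in parser.sections():
        if dsn.lower() == "odbc data sources":
            continue  # driver index, not a DSN definition
        attrs = parser[dsn]
        findings = []
        # Without a wallet there is no certificate to present or root to trust.
        if not attrs.get("wallet", "").strip():
            findings.append("NO_WALLET")
        # Assumed semantics: only 'required' refuses unencrypted connections.
        if attrs.get("encryption", "").strip().lower() != "required":
            findings.append("TLS_NOT_ENFORCED")
        # The page's setting: 1 makes the server verify the client as well.
        if require_client_auth and attrs.get("sslclientauthentication", "0").strip() != "1":
            findings.append("CLIENT_NOT_VERIFIED")
        if findings:
            report[dsn] = findings
    return report

if __name__ == "__main__":
    for dsn, findings in audit_dsns(SAMPLE_INI).items():
        print(f"{dsn}: {', '.join(findings)}")
```

Pass require_client_auth=False for deployments where only the server is expected to present a certificate.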
