
Chapter 3: Reference Topics for Oracle

SSL filter

When establishing a connection to an SSL-enabled DirectConnect for Oracle, the SSL security mechanism is specified as a filter on the master and query lines in the interfaces file (sql.ini on Windows). SSL is used as an Open Client and Open Server protocol layer that sits on top of the TCP/IP connection.

For example, a typical interfaces file on a UNIX machine using transport layer interface (tli) and SSL looks like this:

SERVER <retries><time-outs>

	query tli tcp /dev/tcp tli_add1 ssl
	master tli tcp /dev/tcp tli_add1 ssl

A typical sql.ini file on Windows using SSL looks like this:

[SERVER]

query=TCP,hostname,address1, ssl
master=TCP,hostname,address1, ssl

where:

hostname is the name of the server to which the client is connecting.

address1 is the port number of the host machine.

All connection attempts to a master or query entry in the interfaces file with an SSL filter must support the SSL protocol. A server can be configured to accept SSL connections and have other connections that accept plain text (unencrypted data), or use other security mechanisms.

For example, a DirectConnect for Oracle interfaces file on UNIX that supports both SSL-based connections and plain-text connections looks like this:

SYBSRV1 (tli format)

	master tli tcp /dev/tcp \x00020abc123456780000000000000000 ssl
	query tli tcp /dev/tcp \x00020abc123456780000000000000000 ssl
	master tli tcp /dev/tcp \x00020abd123456780000000000000000

Or, the same entry with the text format style of Sybase interfaces file on UNIX looks like this:

SYBSRV1 (text format)

	master tcp hostname 2748 ssl
	query tcp hostname 2748 ssl
	master tcp hostname 2749

An example of a socket-style interfaces file looks like this:

SYBSRV1

	master tcp ether hostname 2748 ssl 
	query tcp ether hostname 2748 ssl
	master tcp ether hostname 2749

In these examples, the SSL security service is specified on port number 2748 (0x0abc). On SYBSRV1, DCO listens for clear text on port number 2749 (0x0abd), which has no security mechanism or security filter.
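
An added example, not part of the Sybase documentation: a Python check that parses a UNIX interfaces file in the formats shown above and lists the master and query entries with no ssl filter, that is, the ports that accept clear text. The function names and the SYBSRV2 entry are assumptions made for illustration; the position of the port inside a tli address is taken from this page's own example (0x0abc = 2748).

```python
# Constructed sample in the tli and socket-style formats shown on this page.
# SYBSRV2 is a hypothetical second server added for the example.
SAMPLE = (
    "SYBSRV1\n"
    "\tmaster tli tcp /dev/tcp \\x00020abc123456780000000000000000 ssl\n"
    "\tquery tli tcp /dev/tcp \\x00020abc123456780000000000000000 ssl\n"
    "\tmaster tli tcp /dev/tcp \\x00020abd123456780000000000000000\n"
    "\n"
    "SYBSRV2\n"
    "\tmaster tcp ether hostname 2748 ssl\n"
    "\tquery tcp ether hostname 2748 ssl\n"
)


def parse_interfaces(text):
    """Return (server, service, port, uses_ssl) for each master/query line."""
    entries, server = [], None
    for raw in text.splitlines():
        fields = raw.split()
        if not fields:
            continue
        if not raw[0].isspace():
            server = fields[0]          # unindented line starts a server entry
            continue
        if fields[0] not in ("master", "query"):
            continue
        uses_ssl = fields[-1].lower() == "ssl"   # filter is the trailing field
        addr = fields[-2] if uses_ssl else fields[-1]
        try:
            if addr.startswith("\\x"):
                port = int(addr[6:10], 16)  # tli: 4 hex digits after \x0002
            else:
                port = int(addr)            # text and socket style: decimal
        except ValueError:
            port = None                     # malformed address, report as-is
        entries.append((server, fields[0], port, uses_ssl))
    return entries


def cleartext_listeners(text):
    """Entries without the ssl filter: ports that accept unencrypted data."""
    return [e for e in parse_interfaces(text) if not e[3]]


if __name__ == "__main__":
    for server, service, port, _ in cleartext_listeners(SAMPLE):
        print(f"{server}: {service} port {port} has no ssl filter (clear text)")
```

The check covers the UNIX interfaces formats only; sql.ini on Windows uses the comma-separated layout shown earlier and would need its own parser.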





Copyright © 2005. Sybase Inc. All rights reserved.
