TLS 1.0 Deprecation - Oracle 11.2.0.4 API interface issues.

回答済み
新規投稿

コメント

1件のコメント

  • finkej1

    Found the problem - excessive certificates....

    Once we removed the chain, except for the root certificate, from the Oracle wallet, things started working again.  I would speculate (that is, make a wild guess), that under TLS 1.2, Oracle was checking the certificates more closely, and differences between what was in the wallet, vs the certificate chain provided by the server was enough to make it reject the connection.

     

    Our past practice had been to load the cert chain from each new server we were connecting with.  Since this was back in the day of "what is a certificate", and each cert costing hundreds of dollars, we tended to see a lot of self signed certificates or certificates from "Sam's Discount Certificates" (Where each certificate comes with a free car wash).  Ah, those were the days.  But now we are actually connecting to servers that have real, valid certificates with a chain to a known root certificate authority.  Practice is starting to catch up with theory.

    0
    コメントアクション パーマリンク

サインインしてコメントを残してください。