
In my current project, I have an Oracle Database 11g. On the database is installed Java 1.6.

My task is to connect over HTTPS to a web service provider from a database procedure (PL/SQL). For this task I have used a Java stored procedure (rather than the HTTP_UTIL PL/SQL package) because I also need to sign XML with a certificate before sending. The whole process worked well until now (picture A).

Recently the web service provider has disabled TLS 1.0, and only TLS 1.1 and TLS 1.2 are supported. This causes me problems because Java 1.6 does not support TLS 1.1 and TLS 1.2, and it's impossible to upgrade Java on the database side. The idea is to write some kind of web service proxy (picture B):


My idea is to make some kind of web service proxy (web service to web service communication over SSL), but I don't know if this is the right approach to take. Another question is what is the best (simple) way to do that? For web service deployment I have Oracle WebLogic or a Tomcat container.

Thank you for any info. I can't get any support from Oracle about this scenario (consuming a web service from Oracle 11g over TLS 1.1/TLS 1.2).

Ferguson

2 Answers


You could use Bouncy Castle as a JCE provider, if it is possible to load additional libs into the JVM. Then you would have to use Bouncy Castle in your SSL connection as described here.

Otherwise you could upgrade your database if you can somehow sign your XML in PL/SQL.

Else you can also go for the other alternative you mentioned, as long as it is in a secured environment it should not be a problem. Maybe this can also simplify your setup since you do not have to sign your XML in the database but can rather do it in the oracle/tomcat container.

jojo_Berlin
  • Is there some example about how to add a certificate from local disk to TLSSocketConnectionFactory? I get the error: org.bouncycastle.crypto.tls.TlsFatalAlertReceived: handshake_failure(40) at org.bouncycastle.crypto.tls.TlsProtocol.handleAlertMessage(Unknown Source) – Ferguson Mar 19 '18 at 10:20
  • Sure, just take a look [here](https://stackoverflow.com/questions/34887332/how-can-i-use-tls-1-2-in-java-6-with-an-apache-httpclient) – jojo_Berlin Mar 19 '18 at 19:58
  • Hi, I get the same error "org.bouncycastle.crypto.tls.TlsFatalAlertReceived: handshake_failure(40)". In my previous code (without Bouncy Castle) I have used KeyManagerFactory, TrustManagerFactory and with that have initialized: sslcontext.init(kmf.getKeyManagers(), tm, null); .. there must be a solution with BouncyCastle.. – Ferguson Mar 20 '18 at 07:39

Solved with:

SSLContext sslcontext = SSLContext.getInstance("TLS",new BouncyCastleJsseProvider());

Now I have to upload the libraries with loadjava to the Oracle database.

Ferguson
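The approach from this thread combined with a client certificate and trust store loaded from local disk, as an added example that is not code from either poster. It assumes the Bouncy Castle provider and TLS jars are on the classpath; the class name and the keystore paths, passwords and URL passed as arguments are placeholders.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.net.URL;
import java.security.KeyStore;
import java.security.Security;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.jsse.provider.BouncyCastleJsseProvider;

// Hypothetical class name; written in Java 6 syntax (no try-with-resources).
public class BcTlsClient {

    static KeyStore load(String type, String path, char[] password) throws Exception {
        KeyStore ks = KeyStore.getInstance(type);
        InputStream in = new FileInputStream(path);
        try {
            ks.load(in, password);
        } finally {
            in.close();
        }
        return ks;
    }

    static SSLContext context(KeyStore clientKeys, char[] keyPassword, KeyStore trusted) throws Exception {
        // Register the BC crypto provider so BCJSSE can use algorithms the Java 6 providers may lack.
        if (Security.getProvider("BC") == null) {
            Security.addProvider(new BouncyCastleProvider());
        }
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(clientKeys, keyPassword);   // client certificate and private key
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trusted);                   // CA certificates accepted for the server
        SSLContext ctx = SSLContext.getInstance("TLS", new BouncyCastleJsseProvider());
        ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
        return ctx;
    }

    // args: client.p12, its password, truststore.jks, its password, https URL (all placeholders)
    public static void main(String[] args) throws Exception {
        KeyStore clientKeys = load("PKCS12", args[0], args[1].toCharArray());
        KeyStore trusted = load("JKS", args[2], args[3].toCharArray());
        HttpsURLConnection con = (HttpsURLConnection) new URL(args[4]).openConnection();
        con.setSSLSocketFactory(context(clientKeys, args[1].toCharArray(), trusted).getSocketFactory());
        System.out.println(con.getResponseCode() + " via " + con.getCipherSuite());
    }
}
```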