Dual TCP + TCPS listener

[sosoba]

1. What versions are you using?

Oracle 19, node-oracledb 6.0.1

2. Describe the problem

Hello. My DBA configured the lisener on two ports - TCP (for existing clients) and TCPS (for Node in thin mode).

# existing security options for TCP
SQLNET.CRYPTO_CHECKSUM_SERVER = required
SQLNET.ENCRYPTION_SERVER = required

# new option for TCPS with TLS
SQLNET.IGNORE_ANO_ENCRYPTION_FOR_TCPS = true

Unfortunately, enabling checksums also results in an NJS-501 error in Node. It seems that we can disable Native Encryption on the TCPS port but we can't disable check sums.

Is there a way to configure the base to enable dual listening:

• Native Encryption and checksum required for TCP
• Pure TLS for TCPS?

[anthony-tuininga]

I asked internally and was informed that this configuration is not currently supported. There is no way to turn off checksumming for tcps alone like can be done for encryption.

[sosoba]

Thank you very much. Unfortunately, this means that a smooth transition to thin mode is not possible.

[cjbj]

We'll log an enhancement request to the security group for you.

[cjbj]

@sosoba the feedback was that this has already (recently) been fixed. I'm still chasing up details and will check about what DB versions the fix might land in.

[sosoba]

Very interesting. I'm connecting to the version 19.17.0.0.0.

[sharadraju]

The fix is in our recent release (Oracle Database 23c). We are following up with the concerned team to see if it can be backported to earlier releases.