Closed srtucker closed 1 year ago
I have a proof of concept implementation internally that needs a bit more review and testing. I'll ask internally regarding priority of completing this enhancement.
As an aside, my proof of concept has demonstrated that native network encryption (NNE) imposes a significant overhead on the network traffic. I see it taking up to 3 times longer to perform the same work with NNE as without. I'm not sure if there are other solutions that would satisfy your requirements, though!
Hi @anthony-tuininga - I am interested in having NNE available in thin-mode as well. We have regulatory requirements for encryption in transit that we are currently solving using NNE with cx_Oracle (ie. thick-mode). I'm looking to upgrade to python-oracledb to drop the need for the oracle client libraries, but need to have NNE for compliance. Are you able to share your POC implementation as a branch/patch that I can test?
The current plan is to focus on TLS. This is out of our hands.
Spoke to the powers-that-be again. We won't be supporting NNE in Thin mode. The solutions are to use TLS or Thick mode. Sorry!
If the official path from Oracle is that TLS is the future and NNE isn't, is there some recommendation or best practice in the Oracle docs that I could send to my DBA team to try to get them to start transitioning?
Let me ask the security team again where their doc rewrite is up to.
Describe your new request in detail All of our Oracle databases require connections to use Oracle Database Native Network Encryption, which is currently only supported in thick mode. It would be wonderful if python-oracledb added support for NNE in thin mode so we could remove the need for the Oracle client.
Give supporting information about tools and operating systems. Give relevant product version numbers I am primarily looking to utilize this in python3.9 AWS Lambdas (they run Amazon Linux 2) that connect to Oracle 19c (both on-prem and AWS RDS). Currently we have a lambda layer that provides the oracle instant client that we add to each lambda but that is what I would like to eliminate.
Thank you!