TLS in Oracle environment
A network connection that is initiated over TLS requires a TLS handshake between the client and server before authentication is performed. The handshake process includes the following:
The client and server choose the cipher suites and the encryption algorithms to use for data transfers.
To verify the identity of the server, the server sends its certificate to the client and the client verifies whether it was signed by a trusted CA.
If client authentication is required, the client sends its certificate to the server, and the server verifies whether it was signed by a trusted CA.
The client and server use public key cryptography to exchange key material, and each derives the session key. Session keys are symmetric keys used to encrypt network traffic for a single communication session: the client and server negotiate the key at the start of the session, it protects all traffic between the two parties for that session, and a new session key is generated whenever the client and server communicate over a new session. All subsequent communication between the client and server is encrypted and decrypted with the session key and the negotiated cipher suite.
The authentication process includes the following:
The user initiates an Oracle Net connection from the client to the server using TLS.
TLS performs the handshake between the client and the server.
After a successful handshake, the server verifies whether the user has appropriate authorization to access the database.
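The configuration below is an added example, not taken from the original page, that maps the handshake and authentication steps above onto Oracle Net settings: sqlnet.ora fragments that restrict the negotiated protocol and cipher suites, make the client check the server certificate DN, and make the server require a client certificate, followed by a tnsnames.ora entry and the SQL that maps the certificate DN to a database user. Wallet paths, host names, the service name, the DNs and the user name are assumptions, and the cipher suite names should be checked against the supported list for the Oracle release in use.

```text
# ---- sqlnet.ora (client; the server uses the same parameters with its own wallet) ----
# Wallet holding this side's certificate, private key and the trusted CA certificates
# (assumed path).
WALLET_LOCATION =
  (SOURCE =
    (METHOD = FILE)
    (METHOD_DATA = (DIRECTORY = /u01/app/oracle/wallet)))

# Handshake step 1: restrict what can be negotiated. Weak: leaving SSL_VERSION unset so
# older protocol versions are offered, and leaving SSL_CIPHER_SUITES unset so the
# default list is used.
SSL_VERSION = 1.2
SSL_CIPHER_SUITES = (TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256)

# Handshake step 2: besides the CA signature check, reject the server if the DN in
# its certificate does not match the one named in tnsnames.ora. Weak: NO (any
# certificate signed by a trusted CA is accepted, whatever host it names).
SSL_SERVER_DN_MATCH = YES

# Handshake step 3 (server side): require the client to present a certificate.
# Weak: FALSE (the server never asks for one).
SSL_CLIENT_AUTHENTICATION = TRUE

# Allow database users to be authenticated by the certificate presented over TCPS.
SQLNET.AUTHENTICATION_SERVICES = (TCPS)

# ---- tnsnames.ora (client) ----
# TCPS protocol selects the TLS listener (port 2484 is assumed); SSL_SERVER_CERT_DN is
# the DN that SSL_SERVER_DN_MATCH compares against.
ORCL_TLS =
  (DESCRIPTION =
    (ADDRESS = (PROTOCOL = TCPS)(HOST = db.example.com)(PORT = 2484))
    (CONNECT_DATA = (SERVICE_NAME = orclpdb))
    (SECURITY = (SSL_SERVER_CERT_DN = "CN=db.example.com,OU=DBA,O=Example,C=US")))

-- ---- Authorization step (run on the server as a privileged user) ----
-- After the handshake succeeds, the server looks up the client certificate's DN;
-- only a user mapped to that exact DN, with the privileges granted here, gets in.
CREATE USER app01 IDENTIFIED EXTERNALLY AS 'CN=app01,OU=Apps,O=Example,C=US';
GRANT CREATE SESSION TO app01;
```

With these settings, a client that connects with `sqlplus /@ORCL_TLS` is authenticated by the wallet certificate rather than a password, and a connection attempt whose certificate DN has no matching user fails at the authorization step even though the handshake completed.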