Zoltan Fedor

Reputation: 2097

Oracle OCI parallel connection to an encrypted and non-encrypted Oracle instance

From the same PHP script I need to connect to two different Oracle databases, one which requires an encrypted connection and one which doesn't. The problem is that the one which requires an encrypted connection doesn't mandate it on the server side, so I need to set 'require' on the client side.

I can do that by creating an sqlnet.ora file in my $ORACLE_HOME:

SQLNET.CRYPTO_CHECKSUM_TYPES_CLIENT = (MD5)
SQLNET.ENCRYPTION_TYPES_CLIENT = (RC4_256)
SQLNET.ENCRYPTION_CLIENT = required
SQLNET.CRYPTO_CHECKSUM_CLIENT = required

The problem is that then my other connection will also require encryption, so it will fail. I need both connections in the same script, so I cannot just set a different ORACLE_HOME for the two, as they are part of the same script.

Does anybody have any idea how to resolve this? Would it be possible to set the encryption at the connection level, so I could set one to 'require' and the other to 'none'? Would it be possible to have two different ORACLE_HOMEs in the same script for the two different connections?

Upvotes: 0

Views: 380

Answers (1)

Francisco Félix

Reputation: 2413

When using required the connection will fail if the other side specifies rejected (no encryption), or if there is no compatible algorithm on the other side.

You need to use requested. When using requested the service (encryption) will be active if the other side of the connection specifies either accepted, required, or requested, and there is a compatible algorithm available on the other side; it will otherwise be inactive (but won't fail).

Source: Oracle Database Online Documentation 11g Release 1 (11.1) / Database Administration / Securing the Network

Upvotes: 1
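
The negotiation described in the answer above, modelled as an added example (not part of the original post and not Oracle's code). The function names, the three sample servers and their algorithm lists are constructed for illustration, and the rule that the first entry of the server's list also present on the client wins is an assumption taken from Oracle's documentation.

```python
from typing import NamedTuple, Optional, Sequence

LEVELS = ("rejected", "accepted", "requested", "required")

class Outcome(NamedTuple):
    state: str                 # "on", "off" or "fail"
    algorithm: Optional[str]   # negotiated algorithm when state == "on"

def negotiate(client: str, server: str,
              client_algs: Sequence[str], server_algs: Sequence[str]) -> Outcome:
    """Model of the SQLNET.ENCRYPTION_CLIENT / SQLNET.ENCRYPTION_SERVER negotiation."""
    client, server = client.lower(), server.lower()
    if client not in LEVELS or server not in LEVELS:
        raise ValueError("level must be one of %s" % (LEVELS,))
    levels = {client, server}
    if "rejected" in levels:
        # One side refuses the service: fatal only if the other side insists on it.
        return Outcome("fail" if "required" in levels else "off", None)
    if levels == {"accepted"}:
        # Neither side asked for encryption, so it stays inactive.
        return Outcome("off", None)
    # At least one side asked. Assumed rule: first server-list entry the client also lists.
    wanted = {a.upper() for a in client_algs}
    for alg in server_algs:
        if alg.upper() in wanted:
            return Outcome("on", alg.upper())
    # No common algorithm: "required" fails, "requested" silently falls back.
    return Outcome("fail" if "required" in levels else "off", None)

def scenario():
    """Constructed servers: one that can encrypt, one that refuses, one mismatched."""
    client_algs = ["RC4_256"]  # the client list from the question's sqlnet.ora
    servers = {
        "encrypted_db": ("accepted", ["AES256", "RC4_256"]),
        "plain_db": ("rejected", []),
        "mismatched_db": ("accepted", ["AES256"]),
    }
    return {name: {lvl: negotiate(lvl, s_lvl, client_algs, s_algs)
                   for lvl in ("required", "requested")}
            for name, (s_lvl, s_algs) in servers.items()}

if __name__ == "__main__":
    for name, results in scenario().items():
        for lvl, out in results.items():
            print(f"{name:14} client={lvl:9} -> {out.state} {out.algorithm or ''}")
```

With requested, the mismatched server connects with encryption off and no error, so a client-side requested setting alone does not guarantee that the sensitive connection is encrypted.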
