| CARVIEW |
Java Connectivity to Oracle Autonomous Database Serverless (ADB-S)
Oracle Autonomous Database allows both one-way TLS as well as mutual TLS (mTLS) for connection, the default being the later. Refer to QuickStart with Autonomous Database for detailed steps for using one-way TLS or mutual TLS (using Oracle Wallets) to connect to the Autonomous Database.Recommended Oracle JDBC Drivers
Oracle recommends using the latest Oracle JDBC version 19c which is the Long Term Release. Alternatively you can use the latest Oracle JDBC version 21c if you require its new features. 21c is an Innovation Release. Refer to page 6 of Lifetime Support Policy for more details about the support.
Recent Changes to ADB-S connectivity
DigiCert retired the Organizational Unit (OU) field for all public TLS/SSL certificates to comply with industry standards as of August 2022 per their announcement. This means that the public TLS/SSL certificates issued by DigiCert will no longer have an OU field. Refer to MOS note 2911553.1 for details. To avoid disruption to applications connecting to Oracle Autonomous Database Serverless (ADB-S) during the server side certificate change while preserving security, you must use hostname-based matching (a.k.a Domain Name (DN) matching) of the server certificate (for TLS server-authentication). The following versions of JDBC-thin support hostname-based matching:
- 21.6 (or later) or 19.15 (or later). These are the recommended versions that support "(security=(ssl_server_dn_match=yes))" in the TNS connection string.
- Other versions require that you turn on hostname-based matching explicitly (see last bullet point): Refer to Oracle JDBC Drivers Archive page for old versions.
- 21.5 (or before) and 19.14 (or before)
- 18.21.0.0-patched-for-bug-28492769 and 12.2.0.1-Patched-for-bug-28492769
- 12.1.0.2 and 11.2.0.4 with patch for bugs 28492769 and 19030178 (for hostname-based matching and TLS v1.2 support)
- You must also explicitly turn on DN matching using one of the methods below:
- programmatically: prop.setProperty("oracle.net.ssl_server_dn_match", "true"), or
- setting a Java system property: -Doracle.net.ssl_server_dn_match=true