Oracle vulnerability grants ‘free’ use of Advanced Security Option with Real Application Clusters
May 4, 2012 2 Comments
by Paul Bullen, Senior License Consultant
Oracle has released its latest security alert (here-30 April 2012), regarding “TNS Listener Poison Attack”. This affects 10gR2 and above. Interestingly, if you are using RAC on 10.2.0.3 and above, the workaround for this vulnerability requires use of Oracle Advanced Security (ASO), in particular SSL (Secure Sockets Layer) and TLS (Transport Layer Security) to ensure secure registration of listeners between instances. Oracle has therefore granted the use of SSL/TLS as part of the Oracle Real Application Clusters license.
Oracle has currently provided workarounds (My Oracle Support log in required) for 10.2.0.3 and above. All these versions are affected and require implementation of ASO to resolve.
We’d be interested to hear how you find implementing this workaround and your thoughts on the license change this makes for you.
In short, if you have Oracle RAC (on Enterprise or Standard Edition), RAC One Node and are running 10.2.0.3 and above, Oracle is now granting you the use of the extra-cost Advanced Security Option (specifically SSL/TLS) as well. It remains to be seen whether Oracle will rescind this entitlement in later releases or if a non-ASO solution is provided. The workaround for non-RAC instances uses IPC and does not require SSL/TLS – therefore the right to use ASO does not extend to non-RAC instances.
Rocela is not responsible for the content on non Rocela websites.