IBM Support

How do we enable MDM Virtual to work with Oracle Advanced Security (OAS) non-SSL?

Technote (FAQ)


Oracle OAS and SSL used to go hand in hand; however, Oracle OAS also provides native network encryption that encrypts the data and validates data integrity without the use of SSL. When the Oracle database has the settings below in the server-side sqlnet.ora, specifically with the properties set to "REQUIRED" (one or more algorithm types may be listed), and the SSL port is closed, the MDM deployment fails with an error message from the DataDirect ODBC and JDBC drivers. The native Oracle driver, however, continues to work.

SQLNET.CRYPTO_SEED = <your setting here>


By default, the Oracle native driver's OAS parameters default to accepted, while the DataDirect driver's EncryptionLevel and DataIntegrityLevel parameters default to rejected. This produces the following errors in the logs.

[Oracle JDBC Driver]ORA-12660: Encryption or crypto-checksumming parameters incompatible DSRA0010E: SQL State = HY000, Error Code = 0.
[ODBC Oracle Wire Protocol driver][Oracle]Connection Dead. This may have occurred because the server requires Oracle Advanced Security. To enable the driver to use OAS, please use the DataIntegrityLevel and/or EncryptionLevel connect options.
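
The level negotiation behind these errors, as an added example (not IBM's or Oracle's code) that follows Oracle's documented negotiation rules for native network encryption and integrity. The sqlnet.ora text is a constructed sample that uses Oracle's standard SQLNET.*_SERVER parameter names rather than settings from this technote, and algorithm matching is assumed to succeed.

```python
import re

LEVELS = ("rejected", "accepted", "requested", "required")

# Constructed server-side sqlnet.ora for illustration (not from the technote).
SAMPLE_SQLNET_ORA = """\
SQLNET.ENCRYPTION_SERVER = REQUIRED
SQLNET.ENCRYPTION_TYPES_SERVER = (AES256, 3DES168)
SQLNET.CRYPTO_CHECKSUM_SERVER = REQUIRED
SQLNET.CRYPTO_CHECKSUM_TYPES_SERVER = (SHA1)
"""

def negotiate(client, server):
    """Return "on", "off" or "fail" for one service (encryption or integrity)."""
    client, server = client.lower(), server.lower()
    if client not in LEVELS or server not in LEVELS:
        raise ValueError(f"unknown level: {client!r} / {server!r}")
    pair = {client, server}
    if pair == {"rejected", "required"}:
        return "fail"   # one side insists, the other refuses: ORA-12660
    if "rejected" in pair or pair == {"accepted"}:
        return "off"    # connection succeeds but the service is not used
    return "on"         # assumes both sides share at least one algorithm

def server_levels(sqlnet_text):
    """Extract the server levels; an unset level defaults to ACCEPTED."""
    found = {}
    pattern = re.compile(
        r"\s*SQLNET\.(ENCRYPTION|CRYPTO_CHECKSUM)_SERVER\s*=\s*(\w+)", re.I)
    for line in sqlnet_text.splitlines():
        m = pattern.match(line)
        if m:
            found[m.group(1).upper()] = m.group(2).lower()
    return {"encryption": found.get("ENCRYPTION", "accepted"),
            "integrity": found.get("CRYPTO_CHECKSUM", "accepted")}

def preflight(sqlnet_text, encryption_level, data_integrity_level):
    """Predict the result for a client using these DataDirect levels."""
    srv = server_levels(sqlnet_text)
    return {"encryption": negotiate(encryption_level, srv["encryption"]),
            "integrity": negotiate(data_integrity_level, srv["integrity"])}

if __name__ == "__main__":
    for label, level in (("driver default", "rejected"),
                         ("technote setting", "accepted")):
        print(label, preflight(SAMPLE_SQLNET_ORA, level, level))
```

With accepted on both client and server the connection succeeds but neither service is enabled, so it is the REQUIRED setting on the server that keeps the link encrypted.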


Note: The following is compatible with MDM version 11.4 FixPack 4 and above. You must have run through the initial steps to update to the latest DataDirect drivers before applying the steps described in this Technote. If you have not already done so, use steps 1-16 (omit the SSL section below step 16) of the following Technote to update the driver. If you have already applied the latest driver, you may skip the link and proceed to the steps below.

To work with Oracle's OAS parameters, the following needs to be set within MDM.

1. Add the following (case sensitive) to the odbc.ini file in two locations (if more than one node, repeat for each node).

Location 1:

Location 2:

2. Add the following (case sensitive) to the end of the file in two locations (if more than one node, repeat for each node).

Location 1:

Location 2:

3. In the WAS Admin console under Resources → JDBC → Data sources → MDM → Custom Properties, add two new properties (case sensitive).

property name “dataIntegrityLevel” value “accepted”
property name “encryptionLevel” value “accepted”

4. If you are using MDM WebReports, add the following 2 parameters to your file.


5. If your Oracle server mandates encryption algorithms like 3DES168, you must install the Java Cryptography Extension (JCE) unlimited strength jurisdiction policy files. Otherwise, you will see the following error:

AbstractServi E org.apache.aries.blueprint.container.AbstractServiceReferenceRecipe$Listener invokeMethods Error calling listener method public void$EvtWrkMgr1514314184.addIEventHandler(com.initiatesystems.hub.event.handler.IEventHandler,java.util.Map)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(
at sun.reflect.DelegatingMethodAccessorImpl.invoke(
at java.lang.reflect.Method.invoke(
at org.apache.aries.blueprint.utils.ReflectionUtils.invoke(
at org.apache.aries.blueprint.container.AbstractServiceReferenceRecipe$Listener.invokeMethods(
at org.apache.aries.blueprint.container.AbstractServiceReferenceRecipe$Listener.bind(

Link to apply java patch:

6. Restart your WebSphere application server.

Document information

More support for: Initiate Master Data Service

Software version: 11.4.0, 11.5

Operating system(s): Platform Independent

Software edition: Standard

Reference #: 1976585

Modified date: 26 February 2016