Unable to establish a secure connection to Oracle over TLS
TLS 1.0 is being used, which Oracle rejects.
Except in DLP 15.8 MP1+ and DLP 15.7 MP3, DLP used TLS 1.0 by default when communicating with the Oracle database. If the database is a recent patch of Oracle 19, or if the DBA has denied TLS 1.0, communication will break.
To address this, the connection must be forced over TLS 1.2. A hotfix needs to be applied to accomplish this. Please request it from support and reference this KB. Again, this is implemented in 15.8 MP1. If you are on a previous release, follow the instructions below to enable this:
Notes:
You can see this behavior in a Wireshark capture taken on the Enforce server. You should see a Client Hello going from Enforce to Oracle, then Oracle sending a FIN right after it, and then a handshake failure. The key point is that the exchange never gets as far as passing certificates. If it does get to certificates and you still see the error, you most likely need to import the certificate as per the installation/upgrade guide. Follow the steps in "About securing communications between the Enforce Server and the database" in the 15.7 installation and upgrade guides.
In the case of DLP 15.8 MP1/DLP 15.7 MP3, the new jar file is already updated, but steps 5, 6 and 7 must still be performed in order to force communication with the Oracle DB over TLS 1.2.
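To confirm from the capture described in the Wireshark note which TLS version Enforce is offering, the Client Hello payload can be decoded directly. This is an added example, not part of the original KB or of the product; the function names and the sample Client Hello bytes are constructed for illustration.

```python
TLS_NAMES = {0x0300: "SSL 3.0", 0x0301: "TLS 1.0", 0x0302: "TLS 1.1",
             0x0303: "TLS 1.2", 0x0304: "TLS 1.3"}

def highest_offered_version(payload: bytes) -> str:
    """Return the highest protocol version offered in a TLS ClientHello."""
    if len(payload) < 5 or payload[0] != 0x16:
        raise ValueError("not a TLS handshake record")
    body = payload[5:5 + int.from_bytes(payload[3:5], "big")]
    if len(body) < 4 or body[0] != 0x01:
        raise ValueError("not a ClientHello")
    hello = body[4:4 + int.from_bytes(body[1:4], "big")]
    pos = 0
    def take(n: int) -> bytes:
        nonlocal pos
        if pos + n > len(hello):
            raise ValueError("truncated ClientHello")
        pos += n
        return hello[pos - n:pos]
    offered = [int.from_bytes(take(2), "big")]   # legacy client_version
    take(32)                                     # random
    take(take(1)[0])                             # session_id
    take(int.from_bytes(take(2), "big"))         # cipher_suites
    take(take(1)[0])                             # compression_methods
    if pos < len(hello):                         # extensions are optional
        take(2)                                  # extensions length
        while pos < len(hello):
            ext_type = int.from_bytes(take(2), "big")
            data = take(int.from_bytes(take(2), "big"))
            if ext_type == 43 and data:          # supported_versions
                vers = data[1:1 + data[0]]
                offered += [int.from_bytes(vers[i:i + 2], "big")
                            for i in range(0, len(vers) - 1, 2)]
    best = max((v for v in offered if v in TLS_NAMES), default=offered[0])
    return TLS_NAMES.get(best, hex(best))

def build_client_hello(version: int, supported=()) -> bytes:
    """Constructed sample ClientHello: zeroed random, one cipher suite."""
    ext = b""
    if supported:
        lst = b"".join(v.to_bytes(2, "big") for v in supported)
        sv = bytes([len(lst)]) + lst
        ext = (43).to_bytes(2, "big") + len(sv).to_bytes(2, "big") + sv
        ext = len(ext).to_bytes(2, "big") + ext
    hello = (version.to_bytes(2, "big") + bytes(32) + b"\x00"
             + b"\x00\x02\x00\x2f" + b"\x01\x00" + ext)
    handshake = b"\x01" + len(hello).to_bytes(3, "big") + hello
    return b"\x16\x03\x01" + len(handshake).to_bytes(2, "big") + handshake

if __name__ == "__main__":
    print(highest_offered_version(build_client_hello(0x0301)))  # TLS 1.0
```

A result of "TLS 1.0" for the Enforce-to-Oracle Client Hello matches the failure described here; after the fix the same check should report "TLS 1.2".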