fix(plugin-oracle): make native network encryption opt-in, default off (#1746) #1770

Merged
datlechin merged 1 commit into main from fix/oracle-native-encryption-optin
Jun 25, 2026

@datlechin

Member

Root cause (confirmed from a TablePro packet capture)

The #1746 reporter (Oracle 11.2.0.4, no sqlnet.ora, so the server defaults to ENCRYPTION_SERVER = ACCEPTED) couldn't connect: the login handshake stalled and the server closed the socket after its 60-second INBOUND_CONNECT_TIMEOUT.

Decoding the capture: TablePro and the server complete the SNS/ANO security negotiation, then every later TTC payload is encrypted (high-entropy, where SQLcl against the same server stays clear text). oracle-nio negotiates AES, activates the cipher, and the encrypted handshake never completes against this server, so the client hangs.

oracle-nio's ANO request always advertised the encryption and data-integrity services (AdvancedNegotiation.encodeRequest), with no opt-out. Against a server that merely accepts encryption, that forces it on. Oracle's own clients (SQLcl, JDBC thin, python-oracledb) default to ENCRYPTION_CLIENT = ACCEPTED, which means "encrypt only if the server requires it", so they stay in clear text here.

Fix

oracle-nio fork (re-pinned to 1140759): Configuration.nativeNetworkEncryption (default false). When off, the ANO request advertises only the supervisor and authentication services, so a server that accepts but doesn't require encryption negotiates none and the session stays in clear text. When on, behavior is unchanged, for servers configured ENCRYPTION_SERVER = REQUIRED.

Plugin: a "Native network encryption" toggle on the Oracle connection form (off by default), threaded into the driver configuration.

This matches Oracle's default client behavior and unblocks 11g (and any server that only accepts encryption) without betting on an untestable in-handshake crypto fix.

Testing

  • Fork unit test AdvancedNegotiationTests.omitsSecurityServicesWhenDisabled: with security services off the ANO advertises 2 services (supervisor + auth) and is smaller than the 4-service request. Existing ANO tests updated for the new signature. Full swift test --filter AdvancedNegotiationTests passes.
  • Plugin side is configuration pass-through (the driver wrapper imports OracleNIO, so it can't run in the app test target); the behavior is covered by the fork test.
  • swiftlint --strict clean on changed files.

Notes

https://claude.ai/code/session_01NVomHPErfCr8FWRVywmyVP
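
The negotiation rule behind the root cause above, as an added example (not code from this PR, TablePro or oracle-nio). It goes beyond the one case in the description by encoding Oracle's documented client/server encryption matrix for all four levels, so the effective wire state can be checked for a given `sqlnet.ora`. The function names and sample files are constructed, and treating an always-advertising client as `REQUESTED` is an assumption.

```python
import re
from enum import Enum


class Level(Enum):
    REJECTED = 0
    ACCEPTED = 1
    REQUESTED = 2
    REQUIRED = 3


class Outcome(Enum):
    CLEAR = "clear text"
    ENCRYPTED = "encrypted"
    FAILS = "connection fails"


# Matches "SQLNET.ENCRYPTION_SERVER = REQUIRED" (prefix and parentheses optional).
_PARAM = re.compile(
    r"^\s*(?:SQLNET\.)?ENCRYPTION_SERVER\s*=\s*\(?\s*(\w+)\s*\)?\s*$",
    re.IGNORECASE | re.MULTILINE,
)


def server_level(sqlnet_ora: str) -> Level:
    """Read ENCRYPTION_SERVER from sqlnet.ora text; ACCEPTED when unset or no file."""
    # Drop '#' comments so a commented-out setting is not counted.
    text = "\n".join(line.split("#", 1)[0] for line in sqlnet_ora.splitlines())
    match = _PARAM.search(text)
    return Level[match.group(1).upper()] if match else Level.ACCEPTED


def negotiate(client: Level, server: Level) -> Outcome:
    """Outcome of native network encryption negotiation for one client/server pair."""
    pair = {client, server}
    if Level.REJECTED in pair:
        # One side refuses: only a REQUIRED peer turns that into a failed connect.
        return Outcome.FAILS if Level.REQUIRED in pair else Outcome.CLEAR
    if pair == {Level.ACCEPTED}:
        # Both sides merely accept: nobody asks, so the session stays clear text.
        return Outcome.CLEAR
    return Outcome.ENCRYPTED  # at least one side REQUESTED or REQUIRED


def clear_text_clients(sqlnet_ora: str) -> list[str]:
    """Client levels that end up unencrypted against this server config."""
    server = server_level(sqlnet_ora)
    return [c.name for c in Level if negotiate(c, server) is Outcome.CLEAR]


if __name__ == "__main__":
    for label, cfg in [("no sqlnet.ora", ""), ("required", "SQLNET.ENCRYPTION_SERVER = REQUIRED")]:
        print(label, "->", clear_text_clients(cfg) or "no clear-text sessions possible")
```

Only `ENCRYPTION_SERVER = REQUIRED` guarantees that no client level can end up in clear text; with the default `ACCEPTED`, the result depends entirely on what the client asks for.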

@mintlify

mintlify Bot commented Jun 25, 2026


Preview deployment for your docs. Learn more about Mintlify Previews.

| Project | Status | Preview | Updated (UTC) |
| --- | --- | --- | --- |
| TablePro | 🟢 Ready | View Preview | Jun 25, 2026, 11:39 AM |


@datlechin datlechin merged commit 351b081 into main Jun 25, 2026
3 checks passed
@datlechin datlechin deleted the fix/oracle-native-encryption-optin branch June 25, 2026 11:44