Enable SSL Connection on Oracle Database 11.2.0.2 Standard Edition [message #683952]
Mon, 08 March 2021 05:11
fuksas2000@yahoo.it
Messages: 3 Registered: March 2021
Junior Member

In my environment (Oracle Database Standard Edition 11.2.0.2 installed on Windows Server 2008 R2 64-bit), I cannot set SSL for encryption only.
I've added in listener.ora:
LISTENER = (ADDRESS_LIST=(ADDRESS=(PROTOCOL=tcps)(HOST=servername)(PORT=2484)))
WALLET_LOCATION=(SOURCE=(METHOD=FILE)(METHOD_DATA=(DIRECTORY=/server/wallet/path)))
SSL_CLIENT_AUTHENTICATION=FALSE
and in sqlnet.ora:
WALLET_LOCATION=(SOURCE=(METHOD=FILE)(METHOD_DATA=(DIRECTORY=/server/wallet/path)))
SSL_CLIENT_AUTHENTICATION=FALSE
I reboot the listener and I try to connect using this JDBC string in SQL Developer:
jdbc:oracle:thin:@(DESCRIPTION=(ADDRESS=(PROTOCOL=tcps)(HOST=172.27.2.63)(PORT=2484))(CONNECT_DATA=(SERVICE_NAME=T3CONFS3)))
but I receive the following error:
Status : Failure -Test failed: IO Error: Inbound closed before receiving peer's close_notify: possible truncation attack?, connect lapse 2 ms., Authentication lapse 0 ms.
In the listener log.xml I have:
<msg time='2021-03-08T11:26:48.000+00:00' org_id='oracle' comp_id='tnslsnr'
type='UNKNOWN' level='16' host_id='S3'
host_addr='fe80::39b0:60e4:ff3d:e26d%26'>
<txt>TNS-12560: TNS:protocol adapter error
TNS-00540: SSL protocol adapter failure
Can someone help me?
Thanks

Re: Enable SSL Connection on Oracle Database 11.2.0.2 Standard Edition [message #683957 is a reply to message #683953]
Tue, 09 March 2021 01:22
fuksas2000@yahoo.it
Messages: 3 Registered: March 2021
Junior Member

Sorry,
my environment is Windows and my listener.ora and sqlnet.ora are:
# listener.ora Network Configuration File: C:\app\Administrator\product\11.2.0\dbhome_1\NETWORK\ADMIN\listener.ora
# Generated by Oracle configuration tools.
SID_LIST_LISTENER =
(SID_LIST =
(SID_DESC =
(SID_NAME = CLRExtProc)
(ORACLE_HOME = C:\app\Administrator\product\11.2.0\dbhome_1)
(PROGRAM = extproc)
(ENVS = "EXTPROC_DLLS=ONLY:C:\app\Administrator\product\11.2.0\dbhome_1\bin\oraclr11.dll")
)
)
SSL_CLIENT_AUTHENTICATION = FALSE
WALLET_LOCATION =
(SOURCE =
(METHOD = FILE)
(METHOD_DATA =
(DIRECTORY = C:\app\Administrator\product\11.2.0\dbhome_1\BIN\owm\wallets\Administrator)
)
)
LISTENER =
(DESCRIPTION_LIST =
(DESCRIPTION =
(ADDRESS = (PROTOCOL = IPC)(KEY = EXTPROC1521))
)
(DESCRIPTION =
(ADDRESS = (PROTOCOL = TCP)(HOST = 172.27.2.64)(PORT = 1521))
)
(DESCRIPTION =
(ADDRESS = (PROTOCOL = TCPS)(HOST = 172.27.2.64)(PORT = 2484))
)
)
ADR_BASE_LISTENER = C:\app\Administrator
# sqlnet.ora Network Configuration File: C:\app\Administrator\product\11.2.0\dbhome_1\NETWORK\ADMIN\sqlnet.ora
# Generated by Oracle configuration tools.
# This file is actually generated by netca. But if customers choose to
# install "Software Only", this file wont exist and without the native
# authentication, they will not be able to connect to the database on NT.
SQLNET.AUTHENTICATION_SERVICES= (BEQ, TCPS, NTS)
SSL_VERSION = 0
NAMES.DIRECTORY_PATH= (TNSNAMES, EZCONNECT)
SSL_CLIENT_AUTHENTICATION = FALSE
WALLET_LOCATION =
(SOURCE =
(METHOD = FILE)
(METHOD_DATA =
(DIRECTORY = C:\app\Administrator\product\11.2.0\dbhome_1\BIN\owm\wallets\Administrator)
)
)
SSL_CIPHER_SUITES= (SSL_DH_anon_WITH_3DES_EDE_CBC_SHA,SSL_DH_anon_WITH_RC4_128_MD5,SSL_DH_anon_WITH_DES_CBC_SHA)
ADR_BASE = C:\app\Administrator\product\11.2.0\dbhome_1\log
The output of lsnrctl status is:
C:\Users\Administrator>lsnrctl status
LSNRCTL for 64-bit Windows: Version 11.2.0.2.0 - Production on 09-MAR-2021 08:02:21
Copyright (c) 1991, 2010, Oracle. All rights reserved.
Connecting to (DESCRIPTION=(ADDRESS=(PROTOCOL=IPC)(KEY=EXTPROC1521)))
STATUS of the LISTENER
------------------------
Alias LISTENER
Version TNSLSNR for 64-bit Windows: Version 11.2.0.2.0 - Production
Start Date 08-MAR-2021 16:43:11
Uptime 0 days 15 hr. 19 min. 12 sec
Trace Level off
Security ON: Local OS Authentication
SNMP OFF
Listener Parameter File C:\app\Administrator\product\11.2.0\dbhome_1\network\admin\listener.ora
Listener Log File C:\app\Administrator\diag\tnslsnr\Sito4\listener\alert\log.xml
Listening Endpoints Summary...
(DESCRIPTION=(ADDRESS=(PROTOCOL=ipc)(PIPENAME=\\.\pipe\EXTPROC1521ipc)))
(DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=172.27.2.64)(PORT=1521)))
(DESCRIPTION=(ADDRESS=(PROTOCOL=tcps)(HOST=172.27.2.64)(PORT=2484)))
Services Summary...
Service "CLRExtProc" has 1 instance(s).
Instance "CLRExtProc", status UNKNOWN, has 1 handler(s) for this service...
Service "T3CONFS4XDB" has 1 instance(s).
Instance "t3confs4", status READY, has 1 handler(s) for this service...
Service "t3confs4" has 1 instance(s).
Instance "t3confs4", status READY, has 1 handler(s) for this service...
The command completed successfully
C:\Users\Administrator>
I've created a wallet only on the server and generated an SSO certificate only on the server.
Then I try to connect from the client with my Java app using the string:
jdbc:oracle:thin:@(DESCRIPTION=(ADDRESS=(PROTOCOL=tcps)(HOST=172.27.2.64)(PORT=2484))(CONNECT_DATA=(SERVICE_NAME=T3CONFS4)))
and I have the following error:
trigger seeding of SecureRandom
done seeding SecureRandom
Allow unsafe renegotiation: false
Allow legacy hello messages: true
Is initial handshake: true
Is secure renegotiation: false
Allow unsafe renegotiation: false
Allow legacy hello messages: true
Is initial handshake: true
Is secure renegotiation: false
%% No cached client session
*** ClientHello, TLSv1
RandomCookie: GMT: 1615277692 bytes = { 119, 53, 142, 57, 164, 164, 91, 168, 176, 6, 181, 229, 9, 226, 213, 174, 52, 44, 90, 134, 17, 185, 12, 212, 187, 122, 169, 155 }
Session ID: {}
Cipher Suites: [SSL_DH_anon_WITH_3DES_EDE_CBC_SHA, SSL_DH_anon_WITH_DES_CBC_SHA]
Compression Methods: { 0 }
Extension renegotiation_info, renegotiated_connection: <empty>
***
[write] MD5 and SHA1 hashes: len = 54
0000: 01 00 00 32 03 01 60 47 2E 7C 77 35 8E 39 A4 A4 ...2..`G..w5.9..
0010: 5B A8 B0 06 B5 E5 09 E2 D5 AE 34 2C 5A 86 11 B9 [.........4,Z...
0020: 0C D4 BB 7A A9 9B 00 00 04 00 1B 00 1A 01 00 00 ...z............
0030: 05 FF 01 00 01 00 ......
AWT-EventQueue-0, WRITE: TLSv1 Handshake, length = 54
[Raw write]: length = 59
0000: 16 03 01 00 36 01 00 00 32 03 01 60 47 2E 7C 77 ....6...2..`G..w
0010: 35 8E 39 A4 A4 5B A8 B0 06 B5 E5 09 E2 D5 AE 34 5.9..[.........4
0020: 2C 5A 86 11 B9 0C D4 BB 7A A9 9B 00 00 04 00 1B ,Z......z.......
0030: 00 1A 01 00 00 05 FF 01 00 01 00 ...........
AWT-EventQueue-0, received EOFException: error
AWT-EventQueue-0, handling exception: javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake
AWT-EventQueue-0, SEND TLSv1.2 ALERT: fatal, description = handshake_failure
AWT-EventQueue-0, WRITE: TLSv1.2 Alert, length = 2
[Raw write]: length = 7
0000: 15 03 03 00 02 02 28 ......(
AWT-EventQueue-0, called closeSocket()
AWT-EventQueue-0, called close()
AWT-EventQueue-0, called closeInternal(true)
The listener trace gives me the error:
TNS-12560: TNS:protocol adapter error
TNS-00540: SSL protocol adapter failure
Can you help me?
Does Database 11.2.0.2 Standard Edition have support for SSL?
Thanks
Attachment: listener.log
[Updated on: Tue, 09 March 2021 01:25]
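
Added example (not part of the original posts): decoding the 59-byte "[Raw write]" record from the JSSE debug output above shows what the client actually put on the wire, a TLSv1 ClientHello offering only anonymous Diffie-Hellman suites, which encrypt the session but do not authenticate the server. The function name and the small suite table are this example's own; the bytes are copied from the post.

```python
import struct

# Bytes copied from the "[Raw write]: length = 59" dump in the post above.
RAW_WRITE_HEX = (
    "16 03 01 00 36 01 00 00 32 03 01 60 47 2E 7C 77 "
    "35 8E 39 A4 A4 5B A8 B0 06 B5 E5 09 E2 D5 AE 34 "
    "2C 5A 86 11 B9 0C D4 BB 7A A9 9B 00 00 04 00 1B "
    "00 1A 01 00 00 05 FF 01 00 01 00"
)
# Suite IDs relevant to this thread, with the names JSSE prints (subset only).
SUITES = {
    0x0018: "SSL_DH_anon_WITH_RC4_128_MD5",
    0x001A: "SSL_DH_anon_WITH_DES_CBC_SHA",
    0x001B: "SSL_DH_anon_WITH_3DES_EDE_CBC_SHA",
    0x002F: "TLS_RSA_WITH_AES_128_CBC_SHA",
}
VERSIONS = {0x0300: "SSLv3", 0x0301: "TLSv1", 0x0302: "TLSv1.1", 0x0303: "TLSv1.2"}

def parse_client_hello(record: bytes) -> dict:
    """Decode one unencrypted TLS record that carries a single ClientHello."""
    if len(record) < 9 or record[0] != 0x16 or record[5] != 0x01:
        raise ValueError("not a handshake record starting with a ClientHello")
    rec_len = int.from_bytes(record[3:5], "big")
    hs_len = int.from_bytes(record[6:9], "big")
    hello = record[9:9 + hs_len]
    if len(record) - 5 != rec_len or len(hello) != hs_len or hs_len < 35:
        raise ValueError("truncated or malformed ClientHello")
    (hello_ver,) = struct.unpack("!H", hello[:2])
    pos = 2 + 32                      # client_version + 32-byte random
    pos += 1 + hello[pos]             # session_id length byte + session_id
    if pos + 2 > hs_len:
        raise ValueError("session_id overruns the message")
    (cs_len,) = struct.unpack("!H", hello[pos:pos + 2])
    pos += 2
    if cs_len % 2 or pos + cs_len > hs_len:
        raise ValueError("bad cipher suite list length")
    ids = struct.unpack("!%dH" % (cs_len // 2), hello[pos:pos + cs_len])
    names = [SUITES.get(i, "0x%04X" % i) for i in ids]
    return {
        "version": VERSIONS.get(hello_ver, hex(hello_ver)),
        "suites": names,
        # Anonymous DH suites carry no certificate: encryption without authentication.
        "anonymous": [n for n in names if "_anon_" in n],
    }

if __name__ == "__main__":
    print(parse_client_hello(bytes.fromhex(RAW_WRITE_HEX)))
```
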

Re: Enable SSL Connection on Oracle Database 11.2.0.2 Standard Edition [message #683958 is a reply to message #683957]
Tue, 09 March 2021 03:20
John Watson
Messages: 8964 Registered: January 2010 Location: Global Village
Senior Member

You could start by simplifying everything. Remove all the SSL_% parameters, and use SQL*Plus (not Java). If that works, great! If it doesn't you should get much better error messages, and can then enable SQL*Net tracing for both client and server.
As for whether SSL works with SE2, if I remember correctly (I could be wrong) it was only ever a licensing thing: any sort of encryption required EE licences until 12.x, when that restriction was removed for all editions and releases.