Re: Verifying encryption is working? (Oracle 8i, Win2k server)
In article <4048bce7$1_at_rutgers.edu>, Thomas T says...
>
>Hello everyone; I've just been playing with turning on encryption on our
>test server (Oracle 8i, Win2k server). I enabled the encryption- and it
>seemed way too easy... is there a way I can verify that encryption is
>actually on? At the workstation, I turned on tracing (Net8 local profile)
>and could see that it was finding the right info from the parameter file;
>and these lines were also in the trace file:
>
>***********
>na_tns: authentication is not active
>na_tns: encryption is active, using RC4_40
>na_tns: crypto-checksumming is not active
>***********
>
>One thing that's confusing me- I turned on admin tracing for the test
>server's listener. In the listener.log, it shows the following lines:
>
>***********
>nam_gbp: Parameter not found
>nam_gnsp: Reading parameter "SQLNET.ENCRYPTION_SERVER" from parameter file
>nam_gnsp: Parameter not found
>naequad: Using default value "ACCEPTED"
>nam_gic: entry
>nam_gic: Counting # of items in "SQLNET.ENCRYPTION_TYPES_SERVER" parameter
>nam_gic: Parameter not found
>nam_gic: exit
>naesno: Using default value "all available algorithms"
>***********
>At the top of the file, it looks like it's using the listener.ora file to
>find the sqlnet.encryption params? Should I put my
>sqlnet.encryption_server=required into the listener.ora, too? This is from
>top of the listener.trc file:
>
>--- PARAMETER SOURCE INFORMATION FOLLOWS ---
>Attempted load of system pfile source
>D:\oracle\ora81\network\admin\listener.ora
>Parameter source loaded successfully
>
>Attempted load of command line source
>Parameter source was not loaded
>
>
>
>If I change the server's setup to "required", and my workstation to
>"rejected", I don't get a login. When I put the server's setup back to
>"requested", and the client back to "accepted", I do get a login. So that
>should be enough to tell me that yes, it's working- but I'd like to see more
>proof!
>
>
>
To make sure, enable tracing at level 16 in both the client and server
sqlnet.ora. I would also set the parameters to "required" on both sides. That
will force encryption to be on for sure.
Try a connection. If it succeeds, you can verify that encryption is on by looking at the trace files.
You can ignore listener.ora. The listener is not involved in negotiating the encryption algorithm between the client and the server.
Rick

Rick Wessman
Oracle Corporation
The opinions expressed above are mine and do not necessarily reflect those of Oracle Corporation.

Received on Fri Mar 05 2004 - 12:21:06 CST
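
An added example, not part of the original thread and not Oracle code: a small checker that scans Net8 trace text for the `na_tns:` status lines quoted in the question and reports whether encryption was negotiated on every connection in the file. The function names, the `WEAK_ALGORITHMS` set and the sample trace (constructed from the lines in the post) are assumptions of this example.

```python
import re

# Status lines in the form quoted in the post, e.g.
#   na_tns: encryption is active, using RC4_40
#   na_tns: crypto-checksumming is not active
STATUS_RE = re.compile(
    r"na_tns:\s+(authentication|encryption|crypto-checksumming) is "
    r"(not active|active)(?:, using (\S+))?"
)

# Assumption for this example: algorithms treated as too weak to rely on.
WEAK_ALGORITHMS = {"RC4_40", "DES40"}

# Constructed sample, modelled on the trace lines quoted in the question.
SAMPLE_TRACE = """\
na_tns: authentication is not active
na_tns: encryption is active, using RC4_40
na_tns: crypto-checksumming is not active
"""


def parse_trace(text):
    """Return [(service, active, algorithm)] for each status line found."""
    found = []
    for line in text.splitlines():
        m = STATUS_RE.search(line)  # search() tolerates timestamp prefixes
        if m:
            service, state, algorithm = m.groups()
            found.append((service, state == "active", algorithm))
    return found


def assess(text):
    """Classify the encryption state across all connections in a trace."""
    enc = [(active, alg or "unspecified")
           for svc, active, alg in parse_trace(text) if svc == "encryption"]
    if not enc:
        return "UNKNOWN: no encryption status line in trace"
    if any(not active for active, _ in enc):
        return "FAIL: a connection negotiated without encryption"
    weak = sorted({alg for _, alg in enc if alg in WEAK_ALGORITHMS})
    if weak:
        return "WARN: encryption active but weak algorithm " + ", ".join(weak)
    return "OK: encryption active using " + ", ".join(sorted({a for _, a in enc}))


if __name__ == "__main__":
    print(assess(SAMPLE_TRACE))
```

Run it against the client and server trace files produced with tracing at level 16; a trace that contains no `na_tns: encryption` line is reported as UNKNOWN rather than assumed safe.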