Re: sqlnet.ora Issues

From: Paul Drake <bdbafh_at_gmail.com>
Date: Wed, 21 Sep 2022 16:52:17 -0400
Message-ID: <CAPptggXeGZpP3WH6H16WwogZtS3_hfHXOTsSTWegDxs+qMmV4Q_at_mail.gmail.com>

Scott,

Fascinating.

If you set the trace level in the affected client and in the server home to support AND run Wireshark (or equivalent to generate a pcap file) what do you find?

Overkill but deterministic.

Obviously if you do this for a long interval on a production system you're going to have a bad time. Filtering and orchestrating a quick test will be key.

Paul

On Wed, Sep 21, 2022, 15:24 Scott Canaan <srcdco_at_rit.edu> wrote:

> We are in the process of updating the sqlnet.ora files on all our
> databases and clients from:
>
>
>
> SQLNET.CRYPTO_CHECKSUM_CLIENT = REQUESTED
>
> SQLNET.ENCRYPTION_CLIENT = REQUESTED
>
> SQLNET.ENCRYPTION_TYPES_CLIENT= (AES256)
>
> SQLNET.CRYPTO_CHECKSUM_TYPES_CLIENT= (SHA1,MD5)
>
>
>
> To
>
>
>
> SQLNET.CRYPTO_CHECKSUM_CLIENT = REQUIRED
>
> SQLNET.ENCRYPTION_CLIENT = REQUIRED
>
> SQLNET.ENCRYPTION_TYPES_CLIENT= (AES256)
>
> SQLNET.CRYPTO_CHECKSUM_TYPES_CLIENT= (SHA512,SHA1,MD5)
>
>
>
> With the ultimate goal of only having SHA512. We just changed the dev
> servers and I have one customer that can’t connect to the dev server with
> the second set of entries above. His co-workers can. I can’t figure out
> what is different with his Oracle client install that won’t allow this to
> work. He has an Oracle 12.2 32-bit client. The database is Oracle 19c on
> Linux. A tnsping works, but sqlplus does not. He gets an ORA-12650: No
> common encryption or data integrity algorithm.
>
>
>
> The database server has the following sqlnet.ora:
>
>
>
> SQLNET.CRYPTO_CHECKSUM_CLIENT = REQUIRED
>
> SQLNET.CRYPTO_CHECKSUM_TYPES_CLIENT= (SHA512)
>
> SQLNET.CRYPTO_CHECKSUM_SERVER = REQUIRED
>
> SQLNET.CRYPTO_CHECKSUM_TYPES_SERVER= (SHA512)
>
>
>
> SQLNET.ENCRYPTION_CLIENT = REQUIRED
>
> SQLNET.ENCRYPTION_TYPES_CLIENT= (AES256)
>
> SQLNET.ENCRYPTION_SERVER = REQUIRED
>
> SQLNET.ENCRYPTION_TYPES_SERVER= (3DES168,AES256)
>
>
>
> I can’t see why he gets the error.
>
>
>
> *Scott Canaan ‘88*
>
> *Sr Database Administrator *Information & Technology Services
> Finance & Administration
>
>
> *Rochester Institute of Technology *o: (585) 475-7886 | f: (585) 475-7520
>
> *srcdco_at_rit.edu <srcdco_at_rit.edu>* | c: (585) 339-8659
>
> *CONFIDENTIALITY NOTE*: The information transmitted, including
> attachments, is intended only for the person(s) or entity to which it is
> addressed and may contain confidential and/or privileged material. Any
> review, retransmission, dissemination or other use of, or taking of any
> action in reliance upon this information by persons or entities other than
> the intended recipient is prohibited. If you received this in error, please
> contact the sender and destroy any copies of this information.
>
>
>

--
http://www.freelists.org/webpage/oracle-l

Received on Wed Sep 21 2022 - 22:52:17 CEST

This message: [ Message body ]
Next message: Ali Alizadeh: "Re: sqlnet.ora Issues"
Previous message: Lok P: "Re: Higher Read response in 19C"
In reply to Scott Canaan: "sqlnet.ora Issues"
Next in thread: Ali Alizadeh: "Re: sqlnet.ora Issues"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ]

Original text of this message