  • Configuring network transport encryption with sqlnet

    1. Check the installed encryption components
    [qdtais1]@ht01[/home/oracle]$adapters

    Installed Oracle Net transport protocols are:

    IPC
    BEQ
    TCP/IP
    SSL
    RAW
    SDP/IB

    Installed Oracle Net naming methods are:

    Local Naming (tnsnames.ora)
    Oracle Directory Naming
    Oracle Host Naming
    Oracle Names Server Naming

    Installed Oracle Advanced Security options are:

    RC4 40-bit encryption
    RC4 56-bit encryption
    RC4 128-bit encryption
    RC4 256-bit encryption
    DES40 40-bit encryption
    DES 56-bit encryption
    3DES 112-bit encryption
    3DES 168-bit encryption
    AES 128-bit encryption
    AES 192-bit encryption
    AES 256-bit encryption
    MD5 crypto-checksumming
    SHA-1 crypto-checksumming
    Kerberos v5 authentication
    RADIUS authentication

    2. Configure network encryption. Only the server side needs to be configured; the client default setting is ACCEPTED.
    SQLNET.ENCRYPTION_SERVER = requested
    SQLNET.ENCRYPTION_TYPES_SERVER= (RC4_256)
    For whether the encryption setting takes effect, see the official documentation:
    https://docs.oracle.com/cd/E11882_01/network.112/e40393/asoconfg.htm#ASOAG9599

    Client Setting   Server Setting   Encryption and Data Negotiation
    REJECTED         REJECTED         OFF
    ACCEPTED         REJECTED         OFF
    REQUESTED        REJECTED         OFF
    REQUIRED         REJECTED         Connection fails
    REJECTED         ACCEPTED         OFF
    ACCEPTED         ACCEPTED         OFF
    REQUESTED        ACCEPTED         ON
    REQUIRED         ACCEPTED         ON
    REJECTED         REQUESTED        OFF
    ACCEPTED         REQUESTED        ON
    REQUESTED        REQUESTED        ON
    REQUIRED         REQUESTED        ON
    REJECTED         REQUIRED         Connection fails
    ACCEPTED         REQUIRED         ON
    REQUESTED        REQUIRED         ON
    REQUIRED         REQUIRED         ON
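
The matrix above reduces to two rules, which makes the effect of the step 2 settings easy to check: with the server at `requested`, a client set to REJECTED still gets a cleartext session, and only `required` closes that path. The Python below is an added example, not part of the original post; the function names are hypothetical, and it assumes both sides share at least one algorithm and that an unset server parameter defaults to ACCEPTED.

```python
import re

LEVELS = ("REJECTED", "ACCEPTED", "REQUESTED", "REQUIRED")

def negotiate(client, server):
    """Outcome for one client/server pair, following the matrix above."""
    pair = {client.upper(), server.upper()}
    if not pair <= set(LEVELS):
        raise ValueError(f"unknown setting in {pair}")
    if "REJECTED" in pair:
        # One side refuses: a REQUIRED peer aborts, anything else runs in cleartext.
        return "FAIL" if "REQUIRED" in pair else "OFF"
    # Nobody refuses: encryption starts if at least one side asks for it.
    return "ON" if pair & {"REQUESTED", "REQUIRED"} else "OFF"

def parse_sqlnet(text):
    """Return {PARAM: value} from sqlnet.ora text (names are case-insensitive)."""
    params = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        m = re.match(r"([\w.]+)\s*=\s*(.+)$", line)
        if m:
            params[m.group(1).upper()] = m.group(2).strip()
    return params

def audit_server(text):
    """Map each possible client setting to the outcome against this server."""
    params = parse_sqlnet(text)
    # Assumption: an unset SQLNET.ENCRYPTION_SERVER behaves as ACCEPTED.
    server = params.get("SQLNET.ENCRYPTION_SERVER", "ACCEPTED").upper()
    outcomes = {c: negotiate(c, server) for c in LEVELS}
    cleartext = [c for c, r in outcomes.items() if r == "OFF"]
    return server, outcomes, cleartext

# Constructed sample: the server-side lines from step 2.
SAMPLE = """
SQLNET.ENCRYPTION_SERVER = requested
SQLNET.ENCRYPTION_TYPES_SERVER= (RC4_256)
"""

if __name__ == "__main__":
    server, outcomes, cleartext = audit_server(SAMPLE)
    print(f"server={server}")
    for client, result in outcomes.items():
        print(f"  client={client:<9} -> {result}")
    if cleartext:
        print("cleartext sessions still possible for clients set to:", cleartext)
```
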
    

      

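    After changing the sqlnet settings there is no need to restart the listener.
    To verify that encryption is in effect, you can trace sqlnet: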
    #Trace file setup
    trace_level_server=16
    trace_level_client=16
    trace_directory_server=/home/oracle/trace
    trace_directory_client=/home/oracle/trace
    trace_file_client=cli
    trace_file_server=srv
    trace_unique_client=true
    diag_adr_enabled = off

    [qdtais1]@ht01[/home/oracle/trace]$cat srv_6038.trc |grep "encryption is active"
    [09-MAY-2019 18:58:28:817] na_tns: encryption is active, using RC4_256

    Besides tracing sqlnet, you can also capture packets with wireshark to see whether the traffic is actually encrypted.

    yum install wireshark-*

    Start the wireshark capture tool and filter with the following condition:

    ip.addr eq 192.168.20.221 and tns

    This is the unencrypted traffic:

    Below is the encrypted traffic:

    After encryption the packets become larger.

    For the performance impact of encryption and decryption, see http://www.orafaq.com/wiki/Network_Encryption

    Algorithm   None                MD5                 SHA-1
                Time      %None     Time      %None     Time      %None
    None         79.6 s              80.5 s   101%       82.4 s   104%
    DES         104.7 s   132%      107.1 s   135%      108.2 s   136%
    3DES168     151.8 s   191%      153.9 s   193%      155.6 s   196%
    AES128       88.8 s   112%       90.5 s   114%       92.1 s   116%
    AES256       91.8 s   115%       93.5 s   117%       94.2 s   118%
    RC4_128      81.6 s   103%       82.5 s   104%       85.0 s   107%
    RC4_256      81.7 s   103%       82.8 s   104%       85.0 s   107%

      

  • Original article: https://www.cnblogs.com/omsql/p/10845235.html