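【Posted】: 2014-03-04 13:00:28
【Problem description】:
I'm trying to configure an Oracle 12 instance to allow (and later enforce) SSL-encrypted connections (encryption only, no authentication).
I followed "SSL With Oracle JDBC Thin Driver":
I changed listener.ora from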
LISTENER =
(DESCRIPTION_LIST =
(DESCRIPTION =
(ADDRESS = (PROTOCOL = IPC)(KEY = EXTPROC1521))
(ADDRESS = (PROTOCOL = TCP)(HOST = myhost)(PORT = 1521))
)
)
to
LISTENER =
(DESCRIPTION_LIST =
(DESCRIPTION =
(ADDRESS = (PROTOCOL = IPC)(KEY = EXTPROC1521))
(ADDRESS = (PROTOCOL = TCP)(HOST = myhost)(PORT = 1521))
(ADDRESS = (PROTOCOL = TCPS)(HOST = myhost)(PORT = 2484))
)
)
WALLET_LOCATION=(SOURCE=(METHOD=FILE)(METHOD_DATA=(DIRECTORY=/tmp/oracle_wallet_tmp)))
SSL_CLIENT_AUTHENTICATION=FALSE
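and also added the last two lines to sqlnet.ora.
Then I created the wallet with
orapki wallet create -wallet /tmp/oracle_wallet_tmp -pwd test1234
and restarted the listener with
lsnrctl stop
lsnrctl start
Non-encrypted sessions still work fine.
But when I try to connect over an encrypted connection via JDBC, I get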
Exception in thread "main" java.sql.SQLRecoverableException: I/O-Fehler: Received fatal alert: handshake_failure
at oracle.jdbc.driver.T4CConnection.logon(T4CConnection.java:682)
at oracle.jdbc.driver.PhysicalConnection.<init>(PhysicalConnection.java:711)
at oracle.jdbc.driver.T4CConnection.<init>(T4CConnection.java:385)
at oracle.jdbc.driver.T4CDriverExtension.getConnection(T4CDriverExtension.java:30)
at oracle.jdbc.driver.OracleDriver.connect(OracleDriver.java:558)
at java.sql.DriverManager.getConnection(DriverManager.java:571)
at java.sql.DriverManager.getConnection(DriverManager.java:187)
at orassl.Orassl.<init>(Orassl.java:23)
at orassl.Orassl.main(Orassl.java:38)
Caused by: javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
at sun.security.ssl.Alerts.getSSLException(Alerts.java:154)
at sun.security.ssl.SSLSocketImpl.recvAlert(SSLSocketImpl.java:1959)
at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1077)
at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1312)
at sun.security.ssl.SSLSocketImpl.writeRecord(SSLSocketImpl.java:702)
at sun.security.ssl.AppOutputStream.write(AppOutputStream.java:122)
at oracle.net.ns.Packet.send(Packet.java:419)
at oracle.net.ns.ConnectPacket.send(ConnectPacket.java:241)
at oracle.net.ns.NSProtocolStream.negotiateConnection(NSProtocolStream.java:151)
at oracle.net.ns.NSProtocol.connect(NSProtocol.java:263)
at oracle.jdbc.driver.T4CConnection.connect(T4CConnection.java:1360)
at oracle.jdbc.driver.T4CConnection.logon(T4CConnection.java:486)
... 8 more
The listener log file listener/alert/log.xml only tells me
<msg time='2014-03-04T14:03:19.906+01:00' org_id='oracle' comp_id='tnslsnr'
type='UNKNOWN' level='16' host_id='myhost'
host_addr='hostip'>
<txt>04-MAR-2014 14:03:19 * <unknown connect data> * 12561
</txt>
</msg>
<msg time='2014-03-04T14:03:19.907+01:00' org_id='oracle' comp_id='tnslsnr'
type='UNKNOWN' level='16' host_id='myhost'
host_addr='hostip'>
<txt>TNS-12561: TNS:unknown error
</txt>
</msg>
<msg time='2014-03-04T14:03:19.933+01:00' org_id='oracle' comp_id='tnslsnr'
type='UNKNOWN' level='16' host_id='myhost'
host_addr='hostip'>
<txt>04-MAR-2014 14:03:19 * <unknown connect data> * 12561
</txt>
</msg>
<msg time='2014-03-04T14:03:19.933+01:00' org_id='oracle' comp_id='tnslsnr'
type='UNKNOWN' level='16' host_id='myhost'
host_addr='hostip'>
<txt>TNS-12561: TNS:unknown error
</txt>
</msg>
The client connects like this:
props.setProperty("oracle.net.ssl_cipher_suites", "(SSL_DH_anon_WITH_3DES_EDE_CBC_SHA, SSL_DH_anon_WITH_RC4_128_MD5, SSL_DH_anon_WITH_DES_CBC_SHA)");
props.setProperty("user", "dbuser");
props.setProperty("password", "dbpass");
final Connection c= DriverManager.getConnection("jdbc:oracle:thin:@(DESCRIPTION=(ADDRESS=(PROTOCOL=tcps)(HOST=hostip)(PORT=2484))(CONNECT_DATA=(SERVICE_NAME=mysid)))", props );
What exactly am I doing wrong?
【Discussion】:
-
This is a generic error. Enable tracing to get more details about this error.
Tags: oracle ssl encryption jdbc
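
An added diagnostic, not part of the original question or comment: it reports, for the client JVM only, whether each of the three anonymous suites the question passes in oracle.net.ssl_cipher_suites is supported and enabled by the local JSSE provider. The class name TcpsCipherCheck is hypothetical, and the result says nothing about which suites the listener accepts.

```java
import java.security.Security;
import java.util.Arrays;
import java.util.HashSet;
import java.util.LinkedHashMap;
import java.util.Map;
import java.util.Set;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLParameters;

/** Added example (hypothetical class name): client-side check of the suites from the question. */
public class TcpsCipherCheck {

    // The suites the question passes in oracle.net.ssl_cipher_suites.
    static final String[] REQUESTED = {
        "SSL_DH_anon_WITH_3DES_EDE_CBC_SHA",
        "SSL_DH_anon_WITH_RC4_128_MD5",
        "SSL_DH_anon_WITH_DES_CBC_SHA"
    };

    /** Maps each requested suite to its state in the local JSSE provider. */
    static Map<String, String> classify(String[] requested,
                                        SSLParameters supported,
                                        SSLParameters enabled) {
        Set<String> sup = new HashSet<>(Arrays.asList(supported.getCipherSuites()));
        Set<String> def = new HashSet<>(Arrays.asList(enabled.getCipherSuites()));
        Map<String, String> result = new LinkedHashMap<>();
        for (String suite : requested) {
            String state = def.contains(suite) ? "enabled by default"
                    : sup.contains(suite) ? "supported, not enabled by default"
                    : "not supported by this JRE";
            result.put(suite, state);
        }
        return result;
    }

    public static void main(String[] args) throws Exception {
        SSLContext ctx = SSLContext.getDefault();
        Map<String, String> report = classify(REQUESTED,
                ctx.getSupportedSSLParameters(), ctx.getDefaultSSLParameters());
        report.forEach((suite, state) -> System.out.println(suite + ": " + state));

        // JRE-wide restrictions that can remove suites a client asks for
        // (prints "null" if the property is not defined in this JRE).
        System.out.println("jdk.tls.disabledAlgorithms = "
                + Security.getProperty("jdk.tls.disabledAlgorithms"));
    }
}
```

For the tracing the comment suggests, starting the JDBC client from the question with -Djavax.net.debug=ssl,handshake makes JSSE print the handshake messages, including the suites offered in the ClientHello and the alert that comes back.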