Skip to Main Content

Database Software

Native encryption not working

T1DSoldierApr 21 2020 — edited Apr 22 2020

Native encryption does not seem to be working

OS: RH7

DB 12.2.0.1

sqlnet has the below settings

NAMES.DIRECTORY_PATH= (TNSNAMES, EZCONNECT)

ADR_BASE = /u01/app/oracle

SQLNET.EXPIRE_TIME=3

SQLNET.INBOUND_CONNECT_TIMEOUT=300

SSL_VERSION=1.2

SSL_CLIENT_AUTHENTICATION = TRUE

#CIPHER_SUITES

SSL_CIPHER_SUITES = (SSL_RSA_WITH_AES_256_CBC_SHA256,SSL_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,SSL_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384,SSL_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,SSL_RSA_WITH_AES_128_GCM_SHA256,SSL_RSA_WITH_AES_256_GCM_SHA384)

SQLNET.ALLOWED_LOGON_VERSION_SERVER = 11

SQLNET.ALLOWED_LOGON_VERSION_CLIENT = 11

SQLNET.CRYPTO_CHECKSUM_TYPES_CLIENT= (SHA384)

SQLNET.CRYPTO_CHECKSUM_TYPES_SERVER= (SHA384)

SQLNET.CRYPTO_CHECKSUM_CLIENT = REQUIRED

SQLNET.CRYPTO_CHECKSUM_SERVER = REQUIRED

SQLNET.ENCRYPTION_TYPES_CLIENT= (AES256)

SQLNET.ENCRYPTION_TYPES_SERVER= (AES256)

SQLNET.ENCRYPTION_CLIENT = REQUIRED

SQLNET.ENCRYPTION_SERVER = REQUIRED

---listener

SID_LIST_LISTENER  =

  (SID_LIST =

    (SID_DESC =

      (ORACLE_HOME = /u01/app/oracle/product/12.2.0/database)

      (SID_NAME = orcl)

      (ENVS="TNS_ADMIN=/u01/app/oracle/product/12.2.0/database/network/admin_non_ssl")

    )

)

Client Trace

(24244) [21-APR-2020 13:14:13:914] naeecom: Encryption inactive(24244) [21-APR-2020 13:14:13:914] naeecom: exit

(24244) [21-APR-2020 13:14:13:914] naeccom: entry

(24244) [21-APR-2020 13:14:13:917] naeccom: The server chose the 'SHA384' crypto-checksumming algorithm

(24244) [21-APR-2020 13:14:13:917] naeccom: exit

(24244) [21-APR-2020 13:14:13:917] na_tns: entry

(24244) [21-APR-2020 13:14:13:917] na_tns: Secure Network Services is available.

(24244) [21-APR-2020 13:14:13:917] nau_adi: entry

(24244) [21-APR-2020 13:14:13:917] nau_adi: exit

(24244) [21-APR-2020 13:14:13:917] na_tns: Authentication is not active

(24244) [21-APR-2020 13:14:13:918] na_tns: Encryption is not active

(24244) [21-APR-2020 13:14:13:918] na_tns: Crypto-checksumming is active, using SHA384

I am not sure why it is not encrypting the communications

Thanks

Dave

This post has been answered by T1DSoldier on Apr 22 2020
Jump to Answer
Comments
Post Details
Added on Apr 21 2020
2 comments
199 views