1. Check the installed encryption components
[qdtais1]@ht01[/home/oracle]$adapters
Installed Oracle Net transport protocols are:
IPC
BEQ
TCP/IP
SSL
RAW
SDP/IB
Installed Oracle Net naming methods are:
Local Naming (tnsnames.ora)
Oracle Directory Naming
Oracle Host Naming
Oracle Names Server Naming
Installed Oracle Advanced Security options are:
RC4 40-bit encryption
RC4 56-bit encryption
RC4 128-bit encryption
RC4 256-bit encryption
DES40 40-bit encryption
DES 56-bit encryption
3DES 112-bit encryption
3DES 168-bit encryption
AES 128-bit encryption
AES 192-bit encryption
AES 256-bit encryption
MD5 crypto-checksumming
SHA-1 crypto-checksumming
Kerberos v5 authentication
RADIUS authentication
2. Configure network encryption. Only the server side needs to be configured; the client default is ACCEPTED.
SQLNET.ENCRYPTION_SERVER = requested
SQLNET.ENCRYPTION_TYPES_SERVER= (RC4_256)
To see whether the encryption setting takes effect, refer to the official documentation:
https://docs.oracle.com/cd/E11882_01/network.112/e40393/asoconfg.htm#ASOAG9599
Client Setting | Server Setting | Encryption and Data Negotiation |
---|---|---|
REJECTED | REJECTED | OFF |
ACCEPTED | REJECTED | OFF |
REQUESTED | REJECTED | OFF |
REQUIRED | REJECTED | Connection fails |
REJECTED | ACCEPTED | OFF |
ACCEPTED | ACCEPTED | OFF |
REQUESTED | ACCEPTED | ON |
REQUIRED | ACCEPTED | ON |
REJECTED | REQUESTED | OFF |
ACCEPTED | REQUESTED | ON |
REQUESTED | REQUESTED | ON |
REQUIRED | REQUESTED | ON |
REJECTED | REQUIRED | Connection fails |
ACCEPTED | REQUIRED | ON |
REQUESTED | REQUIRED | ON |
REQUIRED | REQUIRED | ON |
After changing sqlnet.ora, the listener does not need to be restarted.
To verify that encryption is in use, enable SQL*Net tracing:
#Trace file setup
trace_level_server=16
trace_level_client=16
trace_directory_server=/home/oracle/trace
trace_directory_client=/home/oracle/trace
trace_file_client=cli
trace_file_server=srv
trace_unique_client=true
diag_adr_enabled = off
[qdtais1]@ht01[/home/oracle/trace]$cat srv_6038.trc |grep "encryption is active"
[09-MAY-2019 18:58:28:817] na_tns: encryption is active, using RC4_256
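The negotiation matrix and the trace check above, combined into a small audit helper. This is an added example, not part of the original post or of any Oracle tool; the function names are hypothetical, and it assumes the server setting falls back to ACCEPTED when the parameter is absent. It shows which client settings still end up unencrypted under the server's sqlnet.ora.

```python
import re

LEVELS = ("REJECTED", "ACCEPTED", "REQUESTED", "REQUIRED")
ACTIVE = re.compile(r"na_tns: encryption is active, using (\S+)")

def negotiate(client, server):
    """Return 'ON', 'OFF' or 'FAIL' for a client/server pair, per the matrix above."""
    pair = {client.upper(), server.upper()}
    if not pair <= set(LEVELS):
        raise ValueError("unknown setting in %r" % sorted(pair))
    if "REJECTED" in pair:
        # One side refuses: no encryption, or no connection if the other insists.
        return "FAIL" if "REQUIRED" in pair else "OFF"
    # ACCEPTED on both sides means nobody asks for encryption.
    return "OFF" if pair == {"ACCEPTED"} else "ON"

def server_setting(sqlnet_text):
    """Read SQLNET.ENCRYPTION_SERVER; assumed default when unset: ACCEPTED."""
    for line in sqlnet_text.splitlines():
        m = re.match(r"\s*SQLNET\.ENCRYPTION_SERVER\s*=\s*\(?\s*(\w+)",
                     line.split("#", 1)[0], re.I)
        if m:
            return m.group(1).upper()
    return "ACCEPTED"

def cleartext_clients(sqlnet_text):
    """Client settings that still get an unencrypted session from this server."""
    server = server_setting(sqlnet_text)
    return [c for c in LEVELS if negotiate(c, server) == "OFF"]

def trace_algorithm(trace_text):
    """Algorithm named in the trace's 'encryption is active' line, or None."""
    m = ACTIVE.search(trace_text)
    return m.group(1) if m else None

# Sample input: the two sqlnet.ora lines and the trace line shown on this page.
SQLNET_ORA = """SQLNET.ENCRYPTION_SERVER = requested
SQLNET.ENCRYPTION_TYPES_SERVER= (RC4_256)
"""
TRACE = "[09-MAY-2019 18:58:28:817] na_tns: encryption is active, using RC4_256\n"

if __name__ == "__main__":
    print("server:", server_setting(SQLNET_ORA))
    print("clients left in cleartext:", cleartext_clients(SQLNET_ORA))
    print("with REQUIRED:", cleartext_clients("SQLNET.ENCRYPTION_SERVER = required"))
    print("trace reports:", trace_algorithm(TRACE))
```

With the server at REQUESTED, a client set to REJECTED still connects without encryption; only REQUIRED on the server turns that case into a failed connection.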
Besides SQL*Net tracing, you can also capture packets with Wireshark to see whether the traffic is actually encrypted.
yum install wireshark-*
Start the capture tool with the wireshark command and filter with the following expression:
ip.addr eq 192.168.20.221 and tns
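This is without encryption:
Below is the encrypted traffic:
After encryption the packets are larger.
For the performance impact of encryption and decryption, see http://www.orafaq.com/wiki/Network_Encryption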
Algorithm | None: Time | None: %None | MD5: Time | MD5: %None | SHA-1: Time | SHA-1: %None |
---|---|---|---|---|---|---|
None | 79.6 s | | 80.5 s | 101% | 82.4 s | 104% |
DES | 104.7 s | 132% | 107.1 s | 135% | 108.2 s | 136% |
3DES168 | 151.8 s | 191% | 153.9 s | 193% | 155.6 s | 196% |
AES128 | 88.8 s | 112% | 90.5 s | 114% | 92.1 s | 116% |
AES256 | 91.8 s | 115% | 93.5 s | 117% | 94.2 s | 118% |
RC4_128 | 81.6 s | 103% | 82.5 s | 104% | 85.0 s | 107% |
RC4_256 | 81.7 s | 103% | 82.8 s | 104% | 85.0 s | 107% |