1、查看加密組件
[qdtais1]@ht01[/home/oracle]$adapters
Installed Oracle Net transport protocols are:
IPC
BEQ
TCP/IP
SSL
RAW
SDP/IB
Installed Oracle Net naming methods are:
Local Naming (tnsnames.ora)
Oracle Directory Naming
Oracle Host Naming
Oracle Names Server Naming
Installed Oracle Advanced Security options are:
RC4 40-bit encryption
RC4 56-bit encryption
RC4 128-bit encryption
RC4 256-bit encryption
DES40 40-bit encryption
DES 56-bit encryption
3DES 112-bit encryption
3DES 168-bit encryption
AES 128-bit encryption
AES 192-bit encryption
AES 256-bit encryption
MD5 crypto-checksumming
SHA-1 crypto-checksumming
Kerberos v5 authentication
RADIUS authentication
2、設置網絡加密,只對服務端進行設置,客戶端默認設置是ACCEPTED
SQLNET.ENCRYPTION_SERVER = requested
SQLNET.ENCRYPTION_TYPES_SERVER= (RC4_256)
加密設置是否生效參考官網
https://docs.oracle.com/cd/E11882_01/network.112/e40393/asoconfg.htm#ASOAG9599
Client Setting Server Setting Encryption and Data Negotiation REJECTED REJECTED OFF ACCEPTED REJECTED OFF REQUESTED REJECTED OFF REQUIRED REJECTED Connection fails REJECTED ACCEPTED OFF ACCEPTED ACCEPTED OFFFoot 1 REQUESTED ACCEPTED ON REQUIRED ACCEPTED ON REJECTED REQUESTED OFF ACCEPTED REQUESTED ON REQUESTED REQUESTED ON REQUIRED REQUESTED ON REJECTED REQUIRED Connection fails ACCEPTED REQUIRED ON REQUESTED REQUIRED ON REQUIRED REQUIRED ON
設置完sqlnet以后不用重啟監聽
驗證是否加密可以trace sqlnet
#Trace file setup
trace_level_server=16
trace_level_client=16
trace_directory_server=/home/oracle/trace
trace_directory_client=/home/oracle/trace
trace_file_client=cli
trace_file_server=srv
trace_unique_client=true
diag_adr_enabled = off
[qdtais1]@ht01[/home/oracle/trace]$cat srv_6038.trc |grep "encryption is active"
[09-MAY-2019 18:58:28:817] na_tns: encryption is active, using RC4_256
除拉trace sqlnet以外還可以使用wireshark抓包來看具體是否加密
yum install wireshark-*
wireshark啟動抓包工具,使用下面條件過濾
ip.addr eq 192.168.20.221 and tns
這是沒有加密
下面是加密過的
加密以后包變大拉
加密解密性能影響,參考http://www.orafaq.com/wiki/Network_Encryption
| Algorithm | None | MD5 | SHA-1 | |||
|---|---|---|---|---|---|---|
| Time | %None | Time | %None | Time | %None | |
| None | 79.6 s | 80.5 s | 101% | 82.4 s | 104% | |
| DES | 104.7 s | 132% | 107.1 s | 135% | 108.2 s | 136% |
| 3DES168 | 151.8 s | 191% | 153.9 s | 193% | 155.6 s | 196% |
| AES128 | 88.8 s | 112% | 90.5 s | 114% | 92.1 s | 116% |
| AES256 | 91.8 s | 115% | 93.5 s | 117% | 94.2 s | 118% |
| RC4_128 | 81.6 s | 103% | 82.5 s | 104% | 85.0 s | 107% |
| RC4_256 | 81.7 s | 103% | 82.8 s | 104% | 85.0 s | 107% |