To encrypt client connections, edit sqlnet.ora and add the lines below:
SQLNET.CRYPTO_CHECKSUM_TYPES_CLIENT = (MD5)
SQLNET.ENCRYPTION_TYPES_CLIENT = (RC4_256)
SQLNET.ENCRYPTION_CLIENT = required
SQLNET.CRYPTO_CHECKSUM_CLIENT = required
To confirm that encryption is working, enable client-level tracing with a value higher than 10 by adding the lines below to sqlnet.ora:
trace_level_client = 16
trace_unique_client = on
trace_directory_client = D:\oracle\network\trace
Check the trace file:
If encryption is active:
[24-OCT-2006 10:00:32:087] na_tns: encryption is active, using RC4_256
If encryption is not active, it will instead look like:
[24-OCT-2006 10:07:34:707] na_tns: encryption is not active
Extract from my trace file:
[28-MAR-2012 18:12:20:638] naeecom: The server chose the 'RC4_256' encryption algorithm
[28-MAR-2012 18:12:20:638] naeecom: exit
[28-MAR-2012 18:12:20:638] naeccom: entry
[28-MAR-2012 18:12:20:638] naeccom: The server chose the 'MD5' crypto-checksumming algorithm
[28-MAR-2012 18:12:20:638] naeccom: exit
[28-MAR-2012 18:12:20:638] na_tns: entry
[28-MAR-2012 18:12:20:638] na_tns: Secure Network Services is available.
[28-MAR-2012 18:12:20:638] nau_adi: entry
[28-MAR-2012 18:12:20:638] nau_adi: exit
[28-MAR-2012 18:12:20:638] na_tns: authentication is not active
[28-MAR-2012 18:12:20:638] na_tns: encryption is active, using RC4_256
[28-MAR-2012 18:12:20:638] na_tns: crypto-checksumming is active, using MD5
[28-MAR-2012 18:12:20:638] na_tns: exit
[28-MAR-2012 18:12:20:638] na_coco: exit
[28-MAR-2012 18:12:20:638] naconnect: exit
[28-MAR-2012 18:12:20:638] nsnafinishconn: entry
[28-MAR-2012 18:12:20:638] nagetctxinfo: entry
[28-MAR-2012 18:12:20:638] nagetctxinfo: exit
[28-MAR-2012 18:12:20:638] nsnafinishconn: normal exit
[28-MAR-2012 18:12:20:638] nsnadoconn: normal exit
[28-MAR-2012 18:12:20:638] nsnaconn: normal exit
[28-MAR-2012 18:12:20:638] nscall: normal exit
[28-MAR-2012 18:12:20:638] niotns: niotns: passing ns handle back up...
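An added example (not from the original post): a Python check that reads the na_tns status lines shown above and reports what was negotiated, so the trace does not have to be checked by eye. The function name, the deprecated-algorithm list and the AES256/SHA256 sample lines are assumptions of this example.

```python
import re

# Line format taken from the na_tns entries in the trace extract above.
NA_TNS = re.compile(
    r"^\[[^\]]+\]\s+na_tns:\s+(?P<svc>encryption|crypto-checksumming)"
    r"\s+is\s+(?P<neg>not\s+)?active(?:,\s+using\s+(?P<alg>\S+))?\s*$"
)

# Assumption of this example: algorithms Oracle lists as deprecated for
# native network encryption and checksumming are reported as findings.
DEPRECATED = {"RC4_40", "RC4_56", "RC4_128", "RC4_256",
              "DES", "DES40", "3DES112", "3DES168", "MD5"}

SERVICES = ("encryption", "crypto-checksumming")


def audit_trace(text):
    """Return (state, findings) for the contents of one client trace file.

    state maps a service to its algorithm, or to None when the trace says
    the service is not active; a service never mentioned is left out.
    """
    state = {}
    for line in text.splitlines():
        m = NA_TNS.match(line.strip())
        if m:  # a later connection in the same file overrides an earlier one
            state[m["svc"]] = None if m["neg"] else (m["alg"] or "unknown")
    findings = []
    for svc in SERVICES:
        if svc not in state:
            findings.append(f"{svc}: no na_tns status line (trace level above 10?)")
        elif state[svc] is None:
            findings.append(f"{svc}: not active")
        elif state[svc] in DEPRECATED:
            findings.append(f"{svc}: active but using deprecated {state[svc]}")
    return state, findings


# Lines copied from the trace extract in this post.
PAGE_TRACE = """[28-MAR-2012 18:12:20:638] na_tns: authentication is not active
[28-MAR-2012 18:12:20:638] na_tns: encryption is active, using RC4_256
[28-MAR-2012 18:12:20:638] na_tns: crypto-checksumming is active, using MD5"""
# Constructed samples: same line format, different outcomes.
PLAIN_TRACE = "[24-OCT-2006 10:07:34:707] na_tns: encryption is not active"
AES_TRACE = PAGE_TRACE.replace("RC4_256", "AES256").replace("MD5", "SHA256")

if __name__ == "__main__":
    for name in ("PAGE_TRACE", "PLAIN_TRACE", "AES_TRACE"):
        print(name, audit_trace(globals()[name]))
```

To run it against a real file, pass the contents of a trace from the trace_directory_client folder to audit_trace().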