sqlnet设置网络传输加密
1、查看加密组件
[qdtais1]@ht01[/home/oracle]$adapters
Installed Oracle Net transport protocols are:
IPC
BEQ
TCP/IP
SSL
RAW
SDP/IB
Installed Oracle Net naming methods are:
Local Naming (tnsnames.ora)
Oracle Directory Naming
Oracle Host Naming
Oracle Names Server Naming
Installed Oracle Advanced Security options are:
RC4 40-bit encryption
RC4 56-bit encryption
RC4 128-bit encryption
RC4 256-bit encryption
DES40 40-bit encryption
DES 56-bit encryption
3DES 112-bit encryption
3DES 168-bit encryption
AES 128-bit encryption
AES 192-bit encryption
AES 256-bit encryption
MD5 crypto-checksumming
SHA-1 crypto-checksumming
Kerberos v5 authentication
RADIUS authentication
2、设置网络加密,只对服务端进行设置,客户端默认设置是ACCEPTED
SQLNET.ENCRYPTION_SERVER = requested
SQLNET.ENCRYPTION_TYPES_SERVER= (RC4_256)
加密设置是否生效参考官网
https://docs.oracle.com/cd/E11882_01/network.112/e40393/asoconfg.htm#ASOAG9599
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 | Client Setting Server Setting Encryption and Data NegotiationREJECTED REJECTED OFFACCEPTED REJECTED OFFREQUESTED REJECTED OFFREQUIRED REJECTED Connection failsREJECTED ACCEPTED OFFACCEPTED ACCEPTED OFFFoot 1 REQUESTED ACCEPTED ONREQUIRED ACCEPTED ONREJECTED REQUESTED OFFACCEPTED REQUESTED ONREQUESTED REQUESTED ONREQUIRED REQUESTED ONREJECTED REQUIRED Connection failsACCEPTED REQUIRED ONREQUESTED REQUIRED ONREQUIRED REQUIRED ON |
设置完sqlnet以后不用重启监听
验证是否加密可以trace sqlnet
#Trace file setup
trace_level_server=16
trace_level_client=16
trace_directory_server=/home/oracle/trace
trace_directory_client=/home/oracle/trace
trace_file_client=cli
trace_file_server=srv
trace_unique_client=true
diag_adr_enabled = off
[qdtais1]@ht01[/home/oracle/trace]$cat srv_6038.trc |grep "encryption is active"
[09-MAY-2019 18:58:28:817] na_tns: encryption is active, using RC4_256
除拉trace sqlnet以外还可以使用wireshark抓包来看具体是否加密
yum install wireshark-*
wireshark启动抓包工具,使用下面条件过滤
ip.addr eq 192.168.20.221 and tns
这是没有加密
下面是加密过的
加密以后包变大拉
加密解密性能影响,参考http://www.orafaq.com/wiki/Network_Encryption
| Algorithm | None | MD5 | SHA-1 | |||
|---|---|---|---|---|---|---|
| Time | %None | Time | %None | Time | %None | |
| None | 79.6 s | 80.5 s | 101% | 82.4 s | 104% | |
| DES | 104.7 s | 132% | 107.1 s | 135% | 108.2 s | 136% |
| 3DES168 | 151.8 s | 191% | 153.9 s | 193% | 155.6 s | 196% |
| AES128 | 88.8 s | 112% | 90.5 s | 114% | 92.1 s | 116% |
| AES256 | 91.8 s | 115% | 93.5 s | 117% | 94.2 s | 118% |
| RC4_128 | 81.6 s | 103% | 82.5 s | 104% | 85.0 s | 107% |
| RC4_256 | 81.7 s | 103% | 82.8 s | 104% | 85.0 s | 107% |
【推荐】国内首个AI IDE,深度理解中文开发场景,立即下载体验Trae
【推荐】编程新体验,更懂你的AI,立即体验豆包MarsCode编程助手
【推荐】抖音旗下AI助手豆包,你的智能百科全书,全免费不限次数
【推荐】轻量又高性能的 SSH 工具 IShell:AI 加持,快人一步
· Linux系列:如何用heaptrack跟踪.NET程序的非托管内存泄露
· 开发者必知的日志记录最佳实践
· SQL Server 2025 AI相关能力初探
· Linux系列:如何用 C#调用 C方法造成内存泄露
· AI与.NET技术实操系列(二):开始使用ML.NET
· 【自荐】一款简洁、开源的在线白板工具 Drawnix
· 没有Manus邀请码?试试免邀请码的MGX或者开源的OpenManus吧
· 园子的第一款AI主题卫衣上架——"HELLO! HOW CAN I ASSIST YOU TODAY
· 无需6万激活码!GitHub神秘组织3小时极速复刻Manus,手把手教你使用OpenManus搭建本
· C#/.NET/.NET Core优秀项目和框架2025年2月简报