Oracle JDBC thin driver SSL


Problem description

I'm trying to configure SSL for Oracle JDBC and I'm following the document http://www.oracle.com/technetwork/topics/wp-oracle-jdbc-thin-ssl-130128.pdf

I have the Oracle server and client on my own machine. This is for a POC.

I'm using case #1, use SSL for encryption only. My listener.ora looks like:

LISTENER =
  (DESCRIPTION_LIST =
    (DESCRIPTION =
      (ADDRESS = (PROTOCOL = IPC)(KEY = EXTPROC1521))
      (ADDRESS = (PROTOCOL = TCP)(HOST = localhost)(PORT = 1521))
      (ADDRESS = (PROTOCOL = TCPS)(HOST = localhost)(PORT = 2484))
    )
  )

WALLET_LOCATION=(SOURCE=(METHOD=FILE)(METHOD_DATA=(DIRECTORY=C:\app\xxx\product\11.2.0\dbhome_2\server))) 

SSL_CLIENT_AUTHENTICATION=FALSE 

My sqlnet.ora looks like:

SQLNET.AUTHENTICATION_SERVICES= (NTS)

NAMES.DIRECTORY_PATH= (TNSNAMES, EZCONNECT)

WALLET_LOCATION=(SOURCE=(METHOD=FILE)(METHOD_DATA=(DIRECTORY=C:\app\Priya\product\11.2.0\dbhome_2\server)))

SSL_CLIENT_AUTHENTICATION=FALSE 

My tnsnames.ora on the Oracle server:

ORCL =
  (DESCRIPTION =
    (ADDRESS = (PROTOCOL = TCPS)(HOST = localhost)(PORT = 2484))     
    (CONNECT_DATA =
      (SERVER = DEDICATED)
      (SERVICE_NAME = orcl)
    )
    (SECURITY=(SSL_SERVER_CERT_DN="CN=SERVER_TEST,C=US")) 
  )

I even updated the tnsnames.ora on the client:

ORCL =
  (DESCRIPTION =
    (ADDRESS = (PROTOCOL = TCPS)(HOST = localhost)(PORT = 2484))     
    (CONNECT_DATA =
      (SERVER = DEDICATED)
      (SERVICE_NAME = orcl)
    )
    (SECURITY=(SSL_SERVER_CERT_DN="CN=SERVER_TEST,C=US")) 
  )

My java.security:

security.provider.10 = oracle.security.pki.OraclePKIProvider

I created the server wallet with autologin using the orapki utility.

My sample code:

import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.ResultSet;
import java.sql.Statement;
import java.util.Properties;

public class Test {
    public static void main(String[] args) throws Exception {
        // TCPS endpoint from listener.ora; the thin driver uses JSSE for the TLS layer
        String url = "jdbc:oracle:thin:@(DESCRIPTION=(ADDRESS=(PROTOCOL=tcps)(HOST=localhost)(PORT=2484))(CONNECT_DATA=(SERVICE_NAME=orcl)))";

        System.out.println("set properties");
        Properties props = new Properties();
        props.setProperty("user", "XXXXX");
        props.setProperty("password", "XXXXX");
        // Case #1 of the whitepaper: anonymous DH suites give encryption only,
        // the server presents no certificate and nothing is authenticated
        props.setProperty("oracle.net.ssl_cipher_suites",
                            "(SSL_DH_anon_WITH_3DES_EDE_CBC_SHA, "
                                + "SSL_DH_anon_WITH_RC4_128_MD5,"
                                + "SSL_DH_anon_WITH_DES_CBC_SHA)");

        System.out.println("get connection");
        Connection con = DriverManager.getConnection(url, props);
        System.out.println("got a connection");
        Statement stmt = con.createStatement();
        ResultSet rs = stmt.executeQuery("select sysdate from dual");
        while (rs.next()) {
            System.out.println("result = " + rs.getString(1));
        }
        rs.close();
        stmt.close();
        con.close();
    }
}

I get the following error:

set properties
get connection
trustStore is: C:\Program Files (x86)\Java\jdk1.6.0_45\jre\lib\security\cacerts
trustStore type is : jks
trustStore provider is : 
init truststore
adding as trusted cert:
  Subject: CN=SwissSign Platinum CA - G2, O=SwissSign AG, C=CH
  Issuer:  CN=SwissSign Platinum CA - G2, O=SwissSign AG, C=CH
  Algorithm: RSA; Serial number: 0x4eb200670c035d4f
  Valid from Wed Oct 25 04:36:00 EDT 2006 until Sat Oct 25 04:36:00 EDT 2036
...............
.............
trigger seeding of SecureRandom
done seeding SecureRandom
Allow unsafe renegotiation: false
Allow legacy hello messages: true
Is initial handshake: true
Is secure renegotiation: false
Allow unsafe renegotiation: false
Allow legacy hello messages: true
Is initial handshake: true
Is secure renegotiation: false
%% No cached client session
*** ClientHello, TLSv1
RandomCookie:  GMT: 1441881635 bytes = { 236, 186, 144, 113, 184, 49, 37, 30, 105, 22, 80, 151, 167, 186, 10, 227, 160, 97, 62, 9, 21, 123, 5, 153, 25, 55, 40, 140 }
Session ID:  {}
Cipher Suites: [SSL_DH_anon_WITH_3DES_EDE_CBC_SHA, SSL_DH_anon_WITH_RC4_128_MD5, SSL_DH_anon_WITH_DES_CBC_SHA]
Compression Methods:  { 0 }
Extension renegotiation_info, renegotiated_connection: <empty>
***
[write] MD5 and SHA1 hashes:  len = 56
0000: 01 00 00 34 03 01 56 F1   5E 23 EC BA 90 71 B8 31  ...4..V.^#...q.1
0010: 25 1E 69 16 50 97 A7 BA   0A E3 A0 61 3E 09 15 7B  %.i.P......a>...
0020: 05 99 19 37 28 8C 00 00   06 00 1B 00 18 00 1A 01  ...7(...........
0030: 00 00 05 FF 01 00 01 00                            ........
main, WRITE: TLSv1 Handshake, length = 56
[write] MD5 and SHA1 hashes:  len = 53
0000: 01 03 01 00 0C 00 00 00   20 00 00 1B 00 00 18 00  ........ .......
0010: 00 1A 00 00 FF 56 F1 5E   23 EC BA 90 71 B8 31 25  .....V.^#...q.1%
0020: 1E 69 16 50 97 A7 BA 0A   E3 A0 61 3E 09 15 7B 05  .i.P......a>....
0030: 99 19 37 28 8C                                     ..7(.
main, WRITE: SSLv2 client hello message, length = 53
[Raw write]: length = 55
0000: 80 35 01 03 01 00 0C 00   00 00 20 00 00 1B 00 00  .5........ .....
0010: 18 00 00 1A 00 00 FF 56   F1 5E 23 EC BA 90 71 B8  .......V.^#...q.
0020: 31 25 1E 69 16 50 97 A7   BA 0A E3 A0 61 3E 09 15  1%.i.P......a>..
0030: 7B 05 99 19 37 28 8C                               ....7(.
main, handling exception: java.net.SocketException: Software caused connection abort: recv failed
main, SEND TLSv1 ALERT:  fatal, description = unexpected_message
main, WRITE: TLSv1 Alert, length = 2
main, Exception sending alert: java.net.SocketException: Software caused connection abort: socket write error
main, called closeSocket()
main, called close()
main, called closeInternal(true)
Exception in thread "main" java.sql.SQLRecoverableException: IO Error: Software caused connection abort: recv failed
    at oracle.jdbc.driver.T4CConnection.logon(T4CConnection.java:752)
    at oracle.jdbc.driver.PhysicalConnection.connect(PhysicalConnection.java:657)
    at oracle.jdbc.driver.T4CDriverExtension.getConnection(T4CDriverExtension.java:32)
    at oracle.jdbc.driver.OracleDriver.connect(OracleDriver.java:560)
    at java.sql.DriverManager.getConnection(DriverManager.java:582)
    at java.sql.DriverManager.getConnection(DriverManager.java:154)
    at tr.com.pos.genius.background.Test.main(Test.java:75)
Caused by: java.net.SocketException: Software caused connection abort: recv failed
    at java.net.SocketInputStream.socketRead0(Native Method)
    at java.net.SocketInputStream.read(SocketInputStream.java:129)
    at com.sun.net.ssl.internal.ssl.InputRecord.readFully(InputRecord.java:422)
    at com.sun.net.ssl.internal.ssl.InputRecord.read(InputRecord.java:460)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:863)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1188)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.writeRecord(SSLSocketImpl.java:654)
    at com.sun.net.ssl.internal.ssl.AppOutputStream.write(AppOutputStream.java:100)
    at oracle.net.ns.Packet.send(Packet.java:419)
    at oracle.net.ns.ConnectPacket.send(ConnectPacket.java:241)
    at oracle.net.ns.NSProtocolStream.negotiateConnection(NSProtocolStream.java:157)
    at oracle.net.ns.NSProtocol.connect(NSProtocol.java:264)
    at oracle.jdbc.driver.T4CConnection.connect(T4CConnection.java:1452)
    at oracle.jdbc.driver.T4CConnection.logon(T4CConnection.java:496)
    ... 6 more

I'm using Java 6 and Oracle 11g, ojdbc6.jar.

I'm a newbie with SSL. Any pointers or suggestions would be helpful.

Recommended answer

I think you're getting this error because the client is sending an SSLv2 client hello, which has been disabled on the server. So the server aborts the handshake immediately. Try setting this property to force TLSv1.0 to be used, which will prevent the client from sending this SSLv2 client hello.

props.setProperty("oracle.net.ssl_version", "1.0");

Note that anonymous cipher suites have been disabled in Oracle 12c, so you should refrain from using them (yes, the whitepaper you're referring to in your question is a bit obsolete).
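As an added example (not part of the original question or answer), here is the same thin-driver connection built the way the answer recommends: the TLS version pinned so JSSE does not send the SSLv2 hello, and the server authenticated against a trust store with DN matching instead of the anonymous DH suites. The trust store path and password, the chosen cipher suite, and Java 7 or later (for try-with-resources) are assumptions; the server DN and tcps endpoint are the ones from the question's tnsnames.ora.

```java
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Statement;
import java.util.Properties;

// Added example: server-authenticated TLS for the Oracle thin driver.
public class ThinSslClient {
    // Assumed: a JKS trust store holding the CA certificate of the server wallet
    // (exported with orapki and imported with keytool).
    static final String TRUST_STORE = "C:\\app\\xxx\\client\\truststore.jks";
    static final String TRUST_STORE_PASSWORD = "changeit";  // assumed placeholder

    // Same tcps endpoint as the question, plus the expected server DN from tnsnames.ora.
    static final String URL = "jdbc:oracle:thin:@(DESCRIPTION="
        + "(ADDRESS=(PROTOCOL=tcps)(HOST=localhost)(PORT=2484))"
        + "(CONNECT_DATA=(SERVICE_NAME=orcl))"
        + "(SECURITY=(SSL_SERVER_CERT_DN=\"CN=SERVER_TEST,C=US\")))";

    static Properties secureProperties(String user, String password) {
        Properties props = new Properties();
        props.setProperty("user", user);
        props.setProperty("password", password);
        // Pin TLS 1.0 so JSSE does not send the SSLv2 client hello the listener rejects.
        props.setProperty("oracle.net.ssl_version", "1.0");
        // Authenticate the server against a trust store instead of using anonymous DH.
        props.setProperty("javax.net.ssl.trustStore", TRUST_STORE);
        props.setProperty("javax.net.ssl.trustStoreType", "JKS");
        props.setProperty("javax.net.ssl.trustStorePassword", TRUST_STORE_PASSWORD);
        // Require the certificate's subject DN to match SSL_SERVER_CERT_DN in the URL.
        props.setProperty("oracle.net.ssl_server_dn_match", "true");
        // An authenticated suite; assumed to be enabled on the listener side.
        props.setProperty("oracle.net.ssl_cipher_suites", "(TLS_RSA_WITH_AES_128_CBC_SHA)");
        return props;
    }

    public static void main(String[] args) throws SQLException {
        try (Connection con = DriverManager.getConnection(URL, secureProperties("XXXXX", "XXXXX"));
             Statement stmt = con.createStatement();
             // Confirm from the server side that the session really arrived over TCPS.
             ResultSet rs = stmt.executeQuery(
                 "select sys_context('USERENV','NETWORK_PROTOCOL') from dual")) {
            while (rs.next()) {
                System.out.println("network protocol = " + rs.getString(1));
            }
        }
    }
}
```

If the DN check fails the driver refuses the connection rather than falling back, which is the behaviour you want in anything beyond a POC.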
