使用Oracle高级安全性选项管理Oracle客户端 [英] Managed Oracle Client with Oracle Advanced Security Options
问题描述
10月14日,Oracle发布了被称为支持网络数据加密的Oracle Managed Client的最新版本。
On October 14th, Oracle release the latest version of their Oracle Managed Client which was described to support Network Data Encryption.
http://www.oracle.com/technetwork/topics/dotnet/tech-info/odac12cr4ds- 2704217.pdf
https://www.nuget.org/packages /Oracle.ManagedDataAccess/
尽管由于某些原因,在尝试多次配置后,我们仍然无法使其正常工作。我们不断得到臭名昭着的 ORA-12570:网络会话:意外的数据包读取错误包装在中的提供程序未提供ProviderManifestToken字符串。警报日志中的错误是以下 TNS-12599:TNS:加密校验和不匹配
Although for some reason after trying multiple configuration, we still weren't able to get it to work. We keep getting the infamous ORA-12570: Network Session: Unexpected packet read error exception wrapped in The provider did not return a ProviderManifestToken string. The error in the alert log is the following TNS-12599: TNS:cryptographic checksum mismatch
我们确认我们正在使用支持的加密算法的DBA。
We did confirm with the DBA that we were using the supported encryption algorithm.
此时,我唯一的附加设置如下:
At this point, my only additional settings are the following:
<settings>
<setting name="SQLNET.AUTHENTICATION_SERVICES" value="NTS" />
<setting name="NAMES.DIRECTORY_PATH" value="LDAP,tnsnames" />
</settings>
推荐答案
ODP.NET,托管驱动程序尚不支持数据完整性算法:
ODP.NET, Managed Driver does not yet support data integrity algorithms:
http://docs.oracle.com/cd/E63277_01/win.121/e63268/featConnecting.htm#CJAGFFCA
这个导致数据库警报日志中的TNS-12599:TNS:加密校验和不匹配错误,从而导致诸如ORA-12570之间的各种客户端错误:网络会话:意外的数据包读取错误或ORA-12537:网络会话:文件结束
This leads to the TNS-12599: TNS:cryptographic checksum mismatch error in your database alert log which in turn causes various client side errors such as ORA-12570: Network Session: Unexpected packet read error or ORA-12537: Network Session: End of file.
这可以通过更改数据库端SQLNET.ORA参数来修复,这样校验和不需要:
This can be fixed by changing database side SQLNET.ORA parameters, such that checksums are not REQUIRED:
sqlnet.crypto_checksum_client = ACCEPTED
sqlnet.crypto_checksum_client = ACCEPTED
sqlnet.crypto_checksum_server = ACCEPTED
sqlnet.crypto_checksum_server = ACCEPTED
(这个答案是在12.1期间提供的。 0.2时间段,随着时间的流逝,您应该检查一下是否有新的版本支持这个功能)
(This answer was provided during the 12.1.0.2 timeframe. As time passes, you should check to see if a newer release supports this feature)
这篇关于使用Oracle高级安全性选项管理Oracle客户端的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
