I'm trying to configure SSL for Oracle JDBC and I'm following the document http://www.oracle.com/technetwork/topics/wp-oracle-jdbc-thin-ssl-130128.pdf
I have the Oracle server and client on my own machine. This is for a POC.
I'm using case #1, "use SSL for encryption only". My listener.ora looks like:
LISTENER =
  (DESCRIPTION_LIST =
    (DESCRIPTION =
      (ADDRESS = (PROTOCOL = IPC)(KEY = EXTPROC1521))
      (ADDRESS = (PROTOCOL = TCP)(HOST = localhost)(PORT = 1521))
      (ADDRESS = (PROTOCOL = TCPS)(HOST = localhost)(PORT = 2484))
    )
  )
WALLET_LOCATION=(SOURCE=(METHOD=FILE)(METHOD_DATA=(DIRECTORY=C:\app\xxx\product\11.2.0\dbhome_2\server)))
SSL_CLIENT_AUTHENTICATION=FALSE
My sqlnet.ora looks like:
SQLNET.AUTHENTICATION_SERVICES= (NTS)
NAMES.DIRECTORY_PATH= (TNSNAMES, EZCONNECT)
WALLET_LOCATION=(SOURCE=(METHOD=FILE)(METHOD_DATA=(DIRECTORY=C:\app\Priya\product\11.2.0\dbhome_2\server)))
SSL_CLIENT_AUTHENTICATION=FALSE
My tnsnames.ora on the Oracle server:
ORCL =
  (DESCRIPTION =
    (ADDRESS = (PROTOCOL = TCPS)(HOST = localhost)(PORT = 2484))
    (CONNECT_DATA =
      (SERVER = DEDICATED)
      (SERVICE_NAME = orcl)
    )
    (SECURITY=(SSL_SERVER_CERT_DN="CN=SERVER_TEST,C=US"))
  )
I even updated the tnsnames.ora on the client:
ORCL =
  (DESCRIPTION =
    (ADDRESS = (PROTOCOL = TCPS)(HOST = localhost)(PORT = 2484))
    (CONNECT_DATA =
      (SERVER = DEDICATED)
      (SERVICE_NAME = orcl)
    )
    (SECURITY=(SSL_SERVER_CERT_DN="CN=SERVER_TEST,C=US"))
  )
My java.security:
security.provider.10=oracle.security.pki.OraclePKIProvider
I created the server wallet with autologin using the orapki utility.
My sample code:
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Statement;
import java.util.Properties;

public class Test {
    public static void main(String[] args) throws SQLException {
        // TCPS endpoint from listener.ora, SERVICE_NAME from tnsnames.ora
        String url = "jdbc:oracle:thin:@(DESCRIPTION=(ADDRESS=(PROTOCOL=tcps)(HOST=localhost)(PORT=2484))(CONNECT_DATA=(SERVICE_NAME=orcl)))";
        System.out.println("set properties");
        Properties props = new Properties();
        props.setProperty("user", "XXXXX");
        props.setProperty("password", "XXXXX");
        // Case #1 of the whitepaper: anonymous DH suites, encryption without server authentication
        props.setProperty("oracle.net.ssl_cipher_suites",
                "(SSL_DH_anon_WITH_3DES_EDE_CBC_SHA, "
                + "SSL_DH_anon_WITH_RC4_128_MD5,"
                + "SSL_DH_anon_WITH_DES_CBC_SHA)");
        System.out.println("get connection");
        Connection con = DriverManager.getConnection(url, props);
        System.out.println("got a connection");
        Statement stmt = con.createStatement();
        ResultSet rs = stmt.executeQuery("select sysdate from dual");
        while (rs.next()) {
            System.out.println("result = " + rs.getString(1));
        }
        rs.close();
        stmt.close();
        con.close();
    }
}
and I'm getting the following error:
set properties
get connection
trustStore is: C:\Program Files (x86)\Java\jdk1.6.0_45\jre\lib\security\cacerts
trustStore type is : jks
trustStore provider is :
init truststore
adding as trusted cert:
Subject: CN=SwissSign Platinum CA - G2, O=SwissSign AG, C=CH
Issuer: CN=SwissSign Platinum CA - G2, O=SwissSign AG, C=CH
Algorithm: RSA; Serial number: 0x4eb200670c035d4f
Valid from Wed Oct 25 04:36:00 EDT 2006 until Sat Oct 25 04:36:00 EDT 2036
...............
.............
trigger seeding of SecureRandom
done seeding SecureRandom
Allow unsafe renegotiation: false
Allow legacy hello messages: true
Is initial handshake: true
Is secure renegotiation: false
Allow unsafe renegotiation: false
Allow legacy hello messages: true
Is initial handshake: true
Is secure renegotiation: false
%% No cached client session
*** ClientHello, TLSv1
RandomCookie: GMT: 1441881635 bytes = { 236, 186, 144, 113, 184, 49, 37, 30, 105, 22, 80, 151, 167, 186, 10, 227, 160, 97, 62, 9, 21, 123, 5, 153, 25, 55, 40, 140 }
Session ID: {}
Cipher Suites: [SSL_DH_anon_WITH_3DES_EDE_CBC_SHA, SSL_DH_anon_WITH_RC4_128_MD5, SSL_DH_anon_WITH_DES_CBC_SHA]
Compression Methods: { 0 }
Extension renegotiation_info, renegotiated_connection: <empty>
***
[write] MD5 and SHA1 hashes: len = 56
0000: 01 00 00 34 03 01 56 F1 5E 23 EC BA 90 71 B8 31 ...4..V.^#...q.1
0010: 25 1E 69 16 50 97 A7 BA 0A E3 A0 61 3E 09 15 7B %.i.P......a>...
0020: 05 99 19 37 28 8C 00 00 06 00 1B 00 18 00 1A 01 ...7(...........
0030: 00 00 05 FF 01 00 01 00 ........
main, WRITE: TLSv1 Handshake, length = 56
[write] MD5 and SHA1 hashes: len = 53
0000: 01 03 01 00 0C 00 00 00 20 00 00 1B 00 00 18 00 ........ .......
0010: 00 1A 00 00 FF 56 F1 5E 23 EC BA 90 71 B8 31 25 .....V.^#...q.1%
0020: 1E 69 16 50 97 A7 BA 0A E3 A0 61 3E 09 15 7B 05 .i.P......a>....
0030: 99 19 37 28 8C ..7(.
main, WRITE: SSLv2 client hello message, length = 53
[Raw write]: length = 55
0000: 80 35 01 03 01 00 0C 00 00 00 20 00 00 1B 00 00 .5........ .....
0010: 18 00 00 1A 00 00 FF 56 F1 5E 23 EC BA 90 71 B8 .......V.^#...q.
0020: 31 25 1E 69 16 50 97 A7 BA 0A E3 A0 61 3E 09 15 1%.i.P......a>..
0030: 7B 05 99 19 37 28 8C ....7(.
main, handling exception: java.net.SocketException: Software caused connection abort: recv failed
main, SEND TLSv1 ALERT: fatal, description = unexpected_message
main, WRITE: TLSv1 Alert, length = 2
main, Exception sending alert: java.net.SocketException: Software caused connection abort: socket write error
main, called closeSocket()
main, called close()
main, called closeInternal(true)
Exception in thread "main" java.sql.SQLRecoverableException: IO Error: Software caused connection abort: recv failed
at oracle.jdbc.driver.T4CConnection.logon(T4CConnection.java:752)
at oracle.jdbc.driver.PhysicalConnection.connect(PhysicalConnection.java:657)
at oracle.jdbc.driver.T4CDriverExtension.getConnection(T4CDriverExtension.java:32)
at oracle.jdbc.driver.OracleDriver.connect(OracleDriver.java:560)
at java.sql.DriverManager.getConnection(DriverManager.java:582)
at java.sql.DriverManager.getConnection(DriverManager.java:154)
at tr.com.pos.genius.background.Test.main(Test.java:75)
Caused by: java.net.SocketException: Software caused connection abort: recv failed
at java.net.SocketInputStream.socketRead0(Native Method)
at java.net.SocketInputStream.read(SocketInputStream.java:129)
at com.sun.net.ssl.internal.ssl.InputRecord.readFully(InputRecord.java:422)
at com.sun.net.ssl.internal.ssl.InputRecord.read(InputRecord.java:460)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:863)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1188)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.writeRecord(SSLSocketImpl.java:654)
at com.sun.net.ssl.internal.ssl.AppOutputStream.write(AppOutputStream.java:100)
at oracle.net.ns.Packet.send(Packet.java:419)
at oracle.net.ns.ConnectPacket.send(ConnectPacket.java:241)
at oracle.net.ns.NSProtocolStream.negotiateConnection(NSProtocolStream.java:157)
at oracle.net.ns.NSProtocol.connect(NSProtocol.java:264)
at oracle.jdbc.driver.T4CConnection.connect(T4CConnection.java:1452)
at oracle.jdbc.driver.T4CConnection.logon(T4CConnection.java:496)
... 6 more
I'm using Java 6 and Oracle 11g, with ojdbc6.jar.
I'm a newbie with SSL. Any pointers or suggestions will be helpful.
I think you're getting this error because the client is sending an SSLv2 client hello, which has been disabled on the server, so the server aborts the handshake immediately. Try setting this property to force TLSv1.0 to be used, which will prevent the client from sending the SSLv2 client hello:
props.setProperty("oracle.net.ssl_version", "1.0");
Note that anonymous cipher suites have been disabled in Oracle 12c, so you should refrain from using them (yes, the whitepaper you're referring to in your question is a bit obsolete).
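To make the two points in the answer concrete, here is an added example (not part of the question, the answer, or any Oracle code) that parses the bytes the JSSE debug trace printed. The SSLv2-format hello is the "[Raw write]: length = 55" dump from the question verbatim; for the TLSv1 hello the trace only shows the 56-byte handshake message, so the 5-byte record header (16 03 01 00 38) placed in front of it is an assumption of this example. The parser tells the two encodings apart (a server with SSLv2 disabled cannot accept the first one, which is why forcing TLSv1.0 in the driver helps) and lists the offered suites, flagging the DH_anon ones, which give you encryption but no server authentication, so an active attacker on the path could impersonate the listener:

```python
"""Classify a ClientHello as SSLv2-format or TLS-record format and list the
cipher suites it offers, flagging anonymous (unauthenticated) suites.
The sample bytes below come from the JSSE debug trace in the question; the
TLS record header on the second sample is constructed for this example."""

# Suite ids from the TLS cipher suite registry; only the ones relevant here.
SUITE_NAMES = {
    0x001B: "SSL_DH_anon_WITH_3DES_EDE_CBC_SHA",
    0x0018: "SSL_DH_anon_WITH_RC4_128_MD5",
    0x001A: "SSL_DH_anon_WITH_DES_CBC_SHA",
    0x00FF: "TLS_EMPTY_RENEGOTIATION_INFO_SCSV",
}

# "[Raw write]: length = 55" from the trace: SSLv2-compatible CLIENT-HELLO.
SSLV2_HELLO = bytes.fromhex(
    "80 35 01 03 01 00 0C 00 00 00 20 00 00 1B 00 00"
    "18 00 00 1A 00 00 FF 56 F1 5E 23 EC BA 90 71 B8"
    "31 25 1E 69 16 50 97 A7 BA 0A E3 A0 61 3E 09 15"
    "7B 05 99 19 37 28 8C"
)

# Constructed record header (handshake, TLS 1.0, length 56) followed by the
# "ClientHello, TLSv1" handshake message bytes from the trace.
TLS_HELLO = bytes.fromhex(
    "16 03 01 00 38"
    "01 00 00 34 03 01 56 F1 5E 23 EC BA 90 71 B8 31"
    "25 1E 69 16 50 97 A7 BA 0A E3 A0 61 3E 09 15 7B"
    "05 99 19 37 28 8C 00 00 06 00 1B 00 18 00 1A 01"
    "00 00 05 FF 01 00 01 00"
)


def _u16(b, i):
    return (b[i] << 8) | b[i + 1]


def parse_client_hello(data):
    """Return {'format', 'version', 'cipher_suites'} for either encoding."""
    if data[0] & 0x80:
        # SSLv2 record: 2-byte header, high bit set, 15-bit payload length.
        length = ((data[0] & 0x7F) << 8) | data[1]
        body = data[2:2 + length]
        if len(body) != length or body[0] != 0x01:
            raise ValueError("truncated or not an SSLv2 CLIENT-HELLO")
        version = (body[1], body[2])
        spec_len = _u16(body, 3)          # cipher specs, 3 bytes each
        # bytes 5..6 session-id length, 7..8 challenge length, specs start at 9
        specs = body[9:9 + spec_len]
        suites = [(specs[i] << 16) | (specs[i + 1] << 8) | specs[i + 2]
                  for i in range(0, spec_len, 3)]
        return {"format": "sslv2", "version": version, "cipher_suites": suites}
    if data[0] != 0x16:
        raise ValueError("not a TLS handshake record")
    rec_len = _u16(data, 3)
    hs = data[5:5 + rec_len]
    if len(hs) != rec_len or hs[0] != 0x01:
        raise ValueError("truncated or not a TLS ClientHello")
    version = (hs[4], hs[5])
    pos = 6 + 32                           # skip client_random
    pos += 1 + hs[pos]                     # skip session_id
    cs_len = _u16(hs, pos)
    pos += 2
    suites = [_u16(hs, i) for i in range(pos, pos + cs_len, 2)]
    return {"format": "tls", "version": version, "cipher_suites": suites}


def anonymous_suites(suites):
    """Names of offered suites that perform no server authentication."""
    return [SUITE_NAMES[s] for s in suites
            if "_anon_" in SUITE_NAMES.get(s, "")]


def assess(data):
    """Parse a hello and return (info, list of problems a reviewer would flag)."""
    info = parse_client_hello(data)
    problems = []
    if info["format"] == "sslv2":
        problems.append("SSLv2-format ClientHello: a server with SSLv2 "
                        "disabled will drop the connection before TLS starts")
    anon = anonymous_suites(info["cipher_suites"])
    if anon:
        problems.append("anonymous suites offered, no server authentication, "
                        "MITM possible: " + ", ".join(anon))
    return info, problems


if __name__ == "__main__":
    for label, sample in (("SSLv2-format hello", SSLV2_HELLO),
                          ("TLS record hello", TLS_HELLO)):
        info, problems = assess(sample)
        print(label, info)
        for p in problems:
            print("  !", p)
```

Running it shows that the bytes that actually hit the wire are the SSLv2-format hello, and that both hellos offer only DH_anon suites; fixing the handshake failure with oracle.net.ssl_version does nothing about the second finding, which is the one that matters once the connection leaves a single machine.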