Oracle JDBC: Disable cpu-intensive security features

Question

Oracle's JDBC driver does some quite CPU-intensive calls during connection creation/authentication, like usages of SecureRandom (even though /dev/urandom is used in our case) or AES ciphers.

Example stacktrace snippet of an expensive operation:

javax.crypto.Cipher.doFinal(byte[], int, int, byte[]) line: 2325    
oracle.net.aso.e.b(byte[], int, int, byte[]) line: not available    
oracle.net.aso.ac.f(byte[]) line: not available 
oracle.net.aso.c.f(byte[]) line: not available  
oracle.security.o5logon.O5Logon.a(byte[], java.lang.String, java.lang.String) line: not available   
oracle.security.o5logon.O5Logon.generateOAuthResponse(int, byte[], java.lang.String, java.lang.String, java.lang.String, byte[], byte[], byte[], byte[], byte[], byte[], int[], int[], boolean, byte, byte[], int, int, byte[], int[]) line: not available  
oracle.security.o5logon.O5Logon.generateOAuthResponse(int, byte[], java.lang.String, java.lang.String, byte[], byte[], byte[], byte[], int[], boolean, byte, byte[], int, int, byte[], int[]) line: not available   
oracle.jdbc.driver.T4CTTIoauthenticate.doOAUTH(java.lang.String, java.lang.String, java.lang.String, long, int, int, byte[][]) line: 1179   
oracle.jdbc.driver.T4CTTIoauthenticate.doOAUTH(java.lang.String, java.lang.String, java.lang.String, long) line: 1025   
oracle.jdbc.driver.T4CConnection.logon(org.ietf.jgss.GSSCredential) line: 743   
oracle.jdbc.driver.T4CConnection(oracle.jdbc.driver.PhysicalConnection).connect(org.ietf.jgss.GSSCredential) line: 793  
oracle.jdbc.driver.T4CDriverExtension.getConnection(java.lang.String, java.util.Properties, org.ietf.jgss.GSSCredential) line: 57   
oracle.jdbc.OracleDriver(oracle.jdbc.driver.OracleDriver).connect(java.lang.String, java.util.Properties, org.ietf.jgss.GSSCredential) line: 747    
oracle.jdbc.OracleDriver(oracle.jdbc.driver.OracleDriver).connect(java.lang.String, java.util.Properties) line: 562     
[...]

While this is fine for production and regular test environments, it adds unnecessary CPU costs and latencies for connections to special environments, eg in automated testing scenarios for which we use local database instances with pure testing data.

Question:
Is there a way to disable some or all of those expensive security-related features, eg by lowering or disable authentication of the jdbc driver or any other measure to reduce cpu time?

Answer 1

Are you using any new Oracle features? Like OAUTH authentication, Oracle Cloud database?

From the stack trace it seems to be hard to avoid, this is part of negotiation where client needs to encrypt password before sending it to server. I never saw this as a problem - CPU intensive password encryption. There were problems with Java8 where /dev/random was blocking and client was stalled due to lack of entropy.

For testing purposes you can use worse encryption algorithm. Oracle stores multiple password's hashes delimited by semicolon.

alter user xxx identified by values '.... password hash'.

As documented here: SpiderLabs Blog