I am trying to configure an Oracle 12 instance to allow (and later force) SSL-encrypted connections (only encryption, no authentication).
I did like described in SSL With Oracle JDBC Thin Driver:
Changed in listener.ora
from
LISTENER =
(DESCRIPTION_LIST =
(DESCRIPTION =
(ADDRESS = (PROTOCOL = IPC)(KEY = EXTPROC1521))
(ADDRESS = (PROTOCOL = TCP)(HOST = myhost)(PORT = 1521))
)
)
to
LISTENER =
(DESCRIPTION_LIST =
(DESCRIPTION =
(ADDRESS = (PROTOCOL = IPC)(KEY = EXTPROC1521))
(ADDRESS = (PROTOCOL = TCP)(HOST = myhost)(PORT = 1521))
(ADDRESS = (PROTOCOL = TCPS)(HOST = myhost)(PORT = 2484))
)
)
WALLET_LOCATION=(SOURCE=(METHOD=FILE)(METHOD_DATA=(DIRECTORY=/tmp/oracle_wallet_tmp)))
SSL_CLIENT_AUTHENTICATION=FALSE
and also added the last two lines to sqlnet.ora.
I then created the wallet with
orapki wallet create -wallet /tmp/oracle_wallet_tmp -pwd test1234
and restarted the listener with
lsnrctl stop
lsnrctl start
The non-encryption session still works fine.
But
But when trying to connect via JDBC on an encrypted connection I get
Exception in thread "main" java.sql.SQLRecoverableException: I/O-Fehler: Received fatal alert: handshake_failure
at oracle.jdbc.driver.T4CConnection.logon(T4CConnection.java:682)
at oracle.jdbc.driver.PhysicalConnection.<init>(PhysicalConnection.java:711)
at oracle.jdbc.driver.T4CConnection.<init>(T4CConnection.java:385)
at oracle.jdbc.driver.T4CDriverExtension.getConnection(T4CDriverExtension.java:30)
at oracle.jdbc.driver.OracleDriver.connect(OracleDriver.java:558)
at java.sql.DriverManager.getConnection(DriverManager.java:571)
at java.sql.DriverManager.getConnection(DriverManager.java:187)
at orassl.Orassl.<init>(Orassl.java:23)
at orassl.Orassl.main(Orassl.java:38)
Caused by: javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
at sun.security.ssl.Alerts.getSSLException(Alerts.java:154)
at sun.security.ssl.SSLSocketImpl.recvAlert(SSLSocketImpl.java:1959)
at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1077)
at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1312)
at sun.security.ssl.SSLSocketImpl.writeRecord(SSLSocketImpl.java:702)
at sun.security.ssl.AppOutputStream.write(AppOutputStream.java:122)
at oracle.net.ns.Packet.send(Packet.java:419)
at oracle.net.ns.ConnectPacket.send(ConnectPacket.java:241)
at oracle.net.ns.NSProtocolStream.negotiateConnection(NSProtocolStream.java:151)
at oracle.net.ns.NSProtocol.connect(NSProtocol.java:263)
at oracle.jdbc.driver.T4CConnection.connect(T4CConnection.java:1360)
at oracle.jdbc.driver.T4CConnection.logon(T4CConnection.java:486)
... 8 more
The listener log file listener/alert/log.xml
only tells me
<msg time='2014-03-04T14:03:19.906+01:00' org_id='oracle' comp_id='tnslsnr'
type='UNKNOWN' level='16' host_id='myhost'
host_addr='hostip'>
<txt>04-MAR-2014 14:03:19 * <unknown connect data> * 12561
</txt>
</msg>
<msg time='2014-03-04T14:03:19.907+01:00' org_id='oracle' comp_id='tnslsnr'
type='UNKNOWN' level='16' host_id='myhost'
host_addr='hostip'>
<txt>TNS-12561: TNS:unknown error
</txt>
</msg>
<msg time='2014-03-04T14:03:19.933+01:00' org_id='oracle' comp_id='tnslsnr'
type='UNKNOWN' level='16' host_id='myhost'
host_addr='hostip'>
<txt>04-MAR-2014 14:03:19 * <unknown connect data> * 12561
</txt>
</msg>
<msg time='2014-03-04T14:03:19.933+01:00' org_id='oracle' comp_id='tnslsnr'
type='UNKNOWN' level='16' host_id='myhost'
host_addr='hostip'>
<txt>TNS-12561: TNS:unknown error
</txt>
</msg>
The client connects with the following:
props.setProperty("oracle.net.ssl_cipher_suites", "(SSL_DH_anon_WITH_3DES_EDE_CBC_SHA, SSL_DH_anon_WITH_RC4_128_MD5, SSL_DH_anon_WITH_DES_CBC_SHA)");
props.setProperty("user", "dbuser");
props.setProperty("password", "dbpass");
final Connection c= DriverManager.getConnection("jdbc:oracle:thin:@(DESCRIPTION=(ADDRESS=(PROTOCOL=tcps)(HOST=hostip)(PORT=2484))(CONNECT_DATA=(SERVICE_NAME=mysid)))", props );
What am I still doing wrong?