Re: sqlnet.ora Issues

From: Jon Crisler <joncrisler_at_gmail.com>
Date: Sat, 22 Oct 2022 23:48:44 -0400
Message-ID: <CAB44qRQZxU-aK7Tgyn-n2KOyC+7bWLNpo5F6np9TVTn4hGyVgQ_at_mail.gmail.com>



I forgot to mention that the issue is only with the CRYPTO_CHECKSUM_* settings. If you updated the server-side parameters to include the older CRYPTO_CHECKSUM_TYPES that worked previously, then it should work. Having the user upgrade to the 19c client should work, but this assumes that the user's program is actually using the client, rather than its own Perl DB module or embedded JDBC jar. Similar issues will also occur if you are using older OJDBCx.jar files, usually older than ojdbc7. A more complex workaround could be to use a different listener / port / directory structure to route only that application to the 2nd listener, with relaxed CRYPTO_ settings. But that is not really better than changing the sqlnet.ora for the primary listener. In the end, the proper fix is at the user's application, otherwise you are bringing the security level of the entire DB down to the least-common denominator.

On Wed, Sep 21, 2022 at 3:24 PM Scott Canaan <srcdco_at_rit.edu> wrote:

> We are in the process of updating the sqlnet.ora files on all our
> databases and clients from:
>
> SQLNET.CRYPTO_CHECKSUM_CLIENT = REQUESTED
> SQLNET.ENCRYPTION_CLIENT = REQUESTED
> SQLNET.ENCRYPTION_TYPES_CLIENT= (AES256)
> SQLNET.CRYPTO_CHECKSUM_TYPES_CLIENT= (SHA1,MD5)
>
> To
>
> SQLNET.CRYPTO_CHECKSUM_CLIENT = REQUIRED
> SQLNET.ENCRYPTION_CLIENT = REQUIRED
> SQLNET.ENCRYPTION_TYPES_CLIENT= (AES256)
> SQLNET.CRYPTO_CHECKSUM_TYPES_CLIENT= (SHA512,SHA1,MD5)
>
> With the ultimate goal of only having SHA512. We just changed the dev
> servers and I have one customer that can’t connect to the dev server with
> the second set of entries above. His co-workers can. I can’t figure out
> what is different with his Oracle client install that won’t allow this to
> work. He has an Oracle 12.2 32-bit client. The database is Oracle 19c on
> Linux. A tnsping works, but sqlplus does not. He gets an ORA-12650: No
> common encryption or data integrity algorithm.
>
> The database server has the following sqlnet.ora:
>
> SQLNET.CRYPTO_CHECKSUM_CLIENT = REQUIRED
> SQLNET.CRYPTO_CHECKSUM_TYPES_CLIENT= (SHA512)
> SQLNET.CRYPTO_CHECKSUM_SERVER = REQUIRED
> SQLNET.CRYPTO_CHECKSUM_TYPES_SERVER= (SHA512)
>
> SQLNET.ENCRYPTION_CLIENT = REQUIRED
> SQLNET.ENCRYPTION_TYPES_CLIENT= (AES256)
> SQLNET.ENCRYPTION_SERVER = REQUIRED
> SQLNET.ENCRYPTION_TYPES_SERVER= (3DES168,AES256)
>
> I can’t see why he gets the error.
>
> *Scott Canaan ‘88*
>
> *Sr Database Administrator *Information & Technology Services
> Finance & Administration
>
>
> *Rochester Institute of Technology *o: (585) 475-7886 | f: (585) 475-7520
>
> *srcdco_at_rit.edu <srcdco_at_rit.edu>* | c: (585) 339-8659
>

--
http://www.freelists.org/webpage/oracle-l
Received on Sun Oct 23 2022 - 05:48:44 CEST
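
An added example, not part of the thread or of any Oracle tool: a small Python model of the native network encryption / checksum negotiation, run over constructed copies of the settings quoted above. The `client_supports` argument and the `{"SHA1", "MD5"}` set used with it are hypothetical stand-ins for a driver that implements only older checksum types (the situation the reply describes); they are not a statement about any particular client version.

```python
import re

# Constructed inputs modelled on the settings quoted in the thread.
SERVER_ORA = """
SQLNET.CRYPTO_CHECKSUM_SERVER = REQUIRED
SQLNET.CRYPTO_CHECKSUM_TYPES_SERVER= (SHA512)
SQLNET.ENCRYPTION_SERVER = REQUIRED
SQLNET.ENCRYPTION_TYPES_SERVER= (3DES168,AES256)
"""
CLIENT_ORA = """
SQLNET.CRYPTO_CHECKSUM_CLIENT = REQUIRED
SQLNET.CRYPTO_CHECKSUM_TYPES_CLIENT= (SHA512,SHA1,MD5)
SQLNET.ENCRYPTION_CLIENT = REQUIRED
SQLNET.ENCRYPTION_TYPES_CLIENT= (AES256)
"""

def parse(text):
    """Return {PARAM: [values]} for one-line SQLNET.* entries."""
    out = {}
    for line in text.splitlines():
        m = re.match(r"\s*SQLNET\.(\w+)\s*=\s*\(?([^)#]*)\)?", line, re.I)
        if m:
            vals = [v.strip().upper() for v in m.group(2).split(",")]
            out[m.group(1).upper()] = [v for v in vals if v]
    return out

def negotiate(service, client, server, client_supports=None):
    """service: 'ENCRYPTION' or 'CRYPTO_CHECKSUM'. Returns (status, algorithm).

    client_supports is a hypothetical knob: the algorithms the connecting
    driver really implements, whatever its sqlnet.ora lists."""
    levels = {client.get(service + "_CLIENT", ["ACCEPTED"])[0],
              server.get(service + "_SERVER", ["ACCEPTED"])[0]}
    if "REJECTED" in levels:
        return ("ORA-12660", None) if "REQUIRED" in levels else ("off", None)
    if levels == {"ACCEPTED"}:
        return ("off", None)
    c_types = client.get(service + "_TYPES_CLIENT")
    s_types = server.get(service + "_TYPES_SERVER")
    if client_supports is not None:
        c_types = [a for a in (c_types or sorted(client_supports))
                   if a in client_supports]
    if c_types is None and s_types is None:
        return ("on", None)  # no lists: both sides offer every installed algorithm
    # The server picks the first entry of its own list that the client also offers.
    pool = s_types if s_types is not None else c_types
    common = [a for a in pool if c_types is None or a in c_types]
    if common:
        return ("on", common[0])
    return ("ORA-12650", None) if "REQUIRED" in levels else ("off", None)
```

On paper the two files agree on SHA512, so an ORA-12650 points at what the connecting client or driver actually implements rather than at the listed values.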
