Symptoms: the TNS listener running on port 2484 does not respond to the client hello at all. It sends a FIN and closes the connection gracefully. My goal is to get a full SSL handshake captured on the wire.
My Oracle DB 19c is on Windows 10.
listener.ora
SID_LIST_LISTENER =
  (SID_LIST =
    (SID_DESC =
      (SID_NAME = CLRExtProc)
      (ORACLE_HOME = C:\App\db_home)
      (PROGRAM = extproc)
      (ENVS = "EXTPROC_DLLS=ONLY:C:\App\db_home\bin\oraclr19.dll")
    )
  )
SSL_CLIENT_AUTHENTICATION = FALSE
WALLET_LOCATION =
  (SOURCE =
    (METHOD = FILE)
    (METHOD_DATA =
      (DIRECTORY = C:\App\db_home\wallet)
    )
  )
LISTENER =
  (DESCRIPTION_LIST =
    (DESCRIPTION =
      (ADDRESS = (PROTOCOL = TCP)(HOST = WIN-10-ORACL-DB)(PORT = 1521))
    )
    (DESCRIPTION =
      (ADDRESS = (PROTOCOL = TCPS)(HOST = WIN-10-ORACL-DB)(PORT = 2484))
    )
    (DESCRIPTION =
      (ADDRESS = (PROTOCOL = IPC)(KEY = EXTPROC1521))
    )
  )
ADR_BASE_LISTENER = C:\App\db_home\log
sqlnet.ora
SQLNET.AUTHENTICATION_SERVICES= (BEQ, TCPS, NTS)
SSL_VERSION = 0
NAMES.DIRECTORY_PATH= (TNSNAMES, EZCONNECT)
SSL_CLIENT_AUTHENTICATION = FALSE
SQLNET.ENCRYPTION_TYPES_SERVER= (AES256)
WALLET_LOCATION =
  (SOURCE =
    (METHOD = FILE)
    (METHOD_DATA =
      (DIRECTORY = C:\App\db_home\wallet)
    )
  )
SSL_CIPHER_SUITES= (SSL_RSA_WITH_AES_128_GCM_SHA256, SSL_RSA_WITH_AES_128_CBC_SHA256, SSL_ECDHE_ECDSA_WITH_AES_256_CBC_SHA)
ADR_BASE = C:\App\db_home\log
tnsnames.ora
LISTENER_ORCL =
  (ADDRESS = (PROTOCOL = TCP)(HOST = WIN-10-ORACL-DB)(PORT = 1521))
ORACLR_CONNECTION_DATA =
  (DESCRIPTION =
    (ADDRESS_LIST =
      (ADDRESS = (PROTOCOL = IPC)(KEY = EXTPROC1521))
    )
    (CONNECT_DATA =
      (SID = CLRExtProc)
      (PRESENTATION = RO)
    )
  )
ORCL =
  (DESCRIPTION =
    (ADDRESS_LIST =
      (ADDRESS = (PROTOCOL = TCP)(HOST = WIN-10-ORACL-DB)(PORT = 1521))
      (ADDRESS = (PROTOCOL = TCPS)(HOST = WIN-10-ORACL-DB)(PORT = 2484))
    )
    (CONNECT_DATA =
      (SERVER = DEDICATED)
      (SERVICE_NAME = orcl.greenbuff.local)
    )
  )
Trace file (in C:\App\db_home\log\diag\tnslsnr\WIN-10-ORACL-DB\listener\trace)
CONNECTION REQUEST
2020-05-06 14:43:52.172 : nsgetaddr:entry
2020-05-06 14:43:52.172 : nttaddr2bnd:entry
2020-05-06 14:43:52.172 : snlinGetNameInfo:entry
2020-05-06 14:43:52.172 : snlinGetNameInfo:exit
2020-05-06 14:43:52.172 : nttaddr2bnd:Resolved to ::
2020-05-06 14:43:52.172 : nttaddr2bnd:exit
2020-05-06 14:43:52.173 : nsevfnt:cxd: 0xcc4405b0 cid=2 stage 0: NS events set:
INCOMING CALL
2020-05-06 14:43:52.173 : nsevrec:event is 0x1, on 2
2020-05-06 14:43:52.173 : nsevwait:1 posted event(s)
2020-05-06 14:43:52.173 : nsevwait:exit (0)
2020-05-06 14:43:52.173 : nsglhe:entry
2020-05-06 14:43:52.173 : nsglhe:Event on cxd 0xcc4405b0.
2020-05-06 14:43:52.173 : nsglhc:Allocating cxd 0xcc4bf0b0
2020-05-06 14:43:52.173 : nsanswer:entry
2020-05-06 14:43:52.173 : nsopen:entry
2020-05-06 14:43:52.173 : nsmal:entry
2020-05-06 14:43:52.173 : nsmal:1920 bytes at 0xcc620bf0
2020-05-06 14:43:52.173 : nsmal:normal exit
2020-05-06 14:43:52.173 : nsopenmplx:entry
2020-05-06 14:43:52.174 : nsmal:entry
2020-05-06 14:43:52.174 : nsmal:3552 bytes at 0xcc524250
2020-05-06 14:43:52.174 : nsmal:normal exit
2020-05-06 14:43:52.174 : nsiorini:entry
2020-05-06 14:43:52.174 : nsbal:entry
2020-05-06 14:43:52.174 : nsbgetfl:entry
2020-05-06 14:43:52.174 : nsbgetfl:normal exit
2020-05-06 14:43:52.174 : nsbal:normal exit
2020-05-06 14:43:52.174 : nsiorini:exit (0)
2020-05-06 14:43:52.174 : nscpxget:entry
2020-05-06 14:43:52.174 : nscpxget:normal exit
2020-05-06 14:43:52.175 : nsopenmplx:normal exit
2020-05-06 14:43:52.175 : nstoSetupTimeout:entry
2020-05-06 14:43:52.175 : nstoSetupTimeout:ATO enabled for ctx=0x00000286CC620BF0, val=60000(millisecs)
2020-05-06 14:43:52.175 : nstoUpdateActive:entry
2020-05-06 14:43:52.175 : nstoUpdateActive:Active timeout is 0 (see nstotyp)
2020-05-06 14:43:52.175 : nsopen:opening transport...
2020-05-06 14:43:52.175 : ntzconnect:entry
2020-05-06 14:43:52.175 : ntzCreateConnection:entry
2020-05-06 14:43:52.175 : nttcon:entry
2020-05-06 14:43:52.175 : nttcon:toc = 3
2020-05-06 14:43:52.175 : nttcnp:entry
2020-05-06 14:43:52.175 : nttcnp:getting sockname
2020-05-06 14:43:52.175 : nttcnp:getting peername
2020-05-06 14:43:52.175 : nttcnp:exit
2020-05-06 14:43:52.175 : nttcnr:entry
2020-05-06 14:43:52.175 : nttcnr:waiting to accept a connection.
2020-05-06 14:43:52.176 : nttcnr:getting sockname
2020-05-06 14:43:52.176 : snlinGetNameInfo:entry
2020-05-06 14:43:52.176 : snlinGetNameInfo:exit
2020-05-06 14:43:52.176 : nttcnr:connected on source ipaddr 172.20.191.102 port 2484
2020-05-06 14:43:52.176 : snlinGetNameInfo:entry
2020-05-06 14:43:52.176 : snlinGetNameInfo:exit
2020-05-06 14:43:52.176 : nttcnr:connected on destination ipaddr 172.20.191.101 port 53020
2020-05-06 14:43:52.176 : nttvlser:entry
2020-05-06 14:43:52.176 : nlvlsern:entry
2020-05-06 14:43:52.176 : snlinGetNameInfo:entry
2020-05-06 14:43:52.176 : snlinGetNameInfo:exit
2020-05-06 14:43:52.176 : nttvlser:valid node check on incoming node 172.20.191.101
2020-05-06 14:43:52.176 : nttvlser:Accepted Entry: 172.20.191.101
2020-05-06 14:43:52.176 : nttcnr:exit
2020-05-06 14:43:52.176 : nttctl:entry
2020-05-06 14:43:52.176 : nttctl:Setting connection into nodelay mode
2020-05-06 14:43:52.176 : nttctl:set TCP_NODELAY on 1332
2020-05-06 14:43:52.176 : nttcon:exit
2020-05-06 14:43:52.176 : ntzAllocate:entry
2020-05-06 14:43:52.176 : ntzAllocate:allocating 312 bytes of memory.
2020-05-06 14:43:52.177 : ntzAllocate:exit
2020-05-06 14:43:52.177 : ntzAllocate:entry
2020-05-06 14:43:52.177 : ntzAllocate:allocating 2097152 bytes of memory.
2020-05-06 14:43:52.177 : ntzAllocate:exit
2020-05-06 14:43:52.177 : ntzAllocate:entry
2020-05-06 14:43:52.177 : ntzAllocate:allocating 2097152 bytes of memory.
2020-05-06 14:43:52.177 : ntzAllocate:exit
2020-05-06 14:43:52.177 : ntzConfigure:entry
2020-05-06 14:43:52.177 : ntzgsvp:entry
2020-05-06 14:43:52.177 : ntzGetStringParameter:entry
2020-05-06 14:43:52.177 : ntzGetStringParameter:exit
2020-05-06 14:43:52.177 : ntzgsvp:no SSL version specified - using default version 0
2020-05-06 14:43:52.177 : ntzgsvp:exit
2020-05-06 14:43:52.177 : ntzgcpp:entry
2020-05-06 14:43:52.177 : ntzgcpp:no SSL cipher suites specified
2020-05-06 14:43:52.177 : ntzgcpp:exit
2020-05-06 14:43:52.177 : ntzgcap:entry
2020-05-06 14:43:52.178 : ntzgcap:retrieved value "FALSE" for client authentication parameter
2020-05-06 14:43:52.178 : ntzgcap:exit
2020-05-06 14:43:52.178 : ntzgwrl:entry
2020-05-06 14:43:52.178 : ntzgwrlFromFile:entry
2020-05-06 14:43:52.178 : ntzGetStringParameter:entry
2020-05-06 14:43:52.178 : ntzGetStringParameter:found value for "wallet_location" configuration parameter: "SOURCE = (METHOD = FILE) (METHOD_DATA = (DIRECTORY = C:\App\db_home\wallet))"
2020-05-06 14:43:52.178 : ntzGetStringParameter:exit
2020-05-06 14:43:52.178 : ntzAllocate:entry
2020-05-06 14:43:52.178 : ntzAllocate:allocating 79 bytes of memory.
2020-05-06 14:43:52.178 : ntzAllocate:exit
2020-05-06 14:43:52.178 : ntzAllocate:entry
2020-05-06 14:43:52.178 : ntzAllocate:allocating 30 bytes of memory.
2020-05-06 14:43:52.178 : ntzAllocate:exit
2020-05-06 14:43:52.178 : ntzgwrlFromFile:exit
2020-05-06 14:43:52.178 : ntzgwrl:exit
2020-05-06 14:43:52.178 : ntzGetWRLFromDatabaseCallback:entry
2020-05-06 14:43:52.178 : ntzGetWRLFromDatabaseCallback:SERVICE_NAME available and WRL type is NZTTWRL_FILE, checking to see if per-PDB wallet for TLS is available.
2020-05-06 14:43:52.178 : ntzGetWRLFromDatabaseCallback:exit
2020-05-06 14:43:52.178 : ntzGetAllowedCertsParam:entry
2020-05-06 14:43:52.178 : ntzGetBooleanParameter:entry
2020-05-06 14:43:52.178 : ntzGetBooleanParameter:exit
2020-05-06 14:43:52.178 : ntzGetBooleanParameter:entry
2020-05-06 14:43:52.178 : ntzGetBooleanParameter:exit
2020-05-06 14:43:52.179 : ntzGetAllowedCertsParam:exit
2020-05-06 14:43:52.179 : ntzscr:entry
2020-05-06 14:43:52.179 : ntzGetStringParameter:entry
2020-05-06 14:43:52.179 : ntzGetStringParameter:exit
2020-05-06 14:43:52.179 : ntzGetStringParameter:entry
2020-05-06 14:43:52.179 : ntzGetStringParameter:exit
2020-05-06 14:43:52.179 : ntzGetStringParameter:entry
2020-05-06 14:43:52.179 : ntzGetStringParameter:exit
2020-05-06 14:43:52.179 : ntzscr:exit
2020-05-06 14:43:52.179 : ntzlogin:entry
2020-05-06 14:43:52.180 : ntzlogin:Wallet open failed with error 28759
2020-05-06 14:43:52.180 : ntzlogin:returning NZ error 28759 in result structure
2020-05-06 14:43:52.180 : ntzlogin:failed with error 540
2020-05-06 14:43:52.180 : ntzlogin:exit
The end of this trace file shows how it finishes and returns the error.
Although the client does not matter much in this case, I set it up to talk to the server in order to generate traffic. I get:
ERROR:
ORA-28864: SSL connection closed gracefully
SP2-0751: Unable to connect to Oracle. Exiting SQL*Plus
I have also included the part of the client trace file where the read error shows up, because there is no response to the client hello below.
2020-05-06 09:11:00.320 : nzosSetCipherSuite:Setting ciphers to ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:AES256-GCM-SHA384:AES256-SHA256:AES256-SHA:AES128-GCM-SHA256:AES128-SHA256:AES128-SHA:ECDH-RSA-AES256-GCM-SHA384:ECDH-RSA-AES128-GCM-SHA256:ECDH-RSA-AES256-SHA384:ECDH-RSA-AES128-SHA256:ECDH-RSA-AES256-SHA:ECDH-RSA-AES128-SHA:ECDH-ECDSA-AES256-GCM-SHA384:ECDH-ECDSA-AES128-GCM-SHA256:ECDH-ECDSA-AES256-SHA384:ECDH-ECDSA-AES128-SHA256:ECDH-ECDSA-AES256-SHA:ECDH-ECDSA-AES128-SHA:EDH-RSA-AES256-GCM-SHA384:EDH-RSA-AES128-GCM-SHA256:EDH-RSA-AES256-SHA256:EDH-RSA-AES128-SHA256:EDH-RSA-AES256-SHA:EDH-RSA-AES128-SHA
2020-05-06 09:11:00.321 : nzosSetCipherSuite:exit
2020-05-06 09:11:00.321 : nzos_SetPersona:entry
2020-05-06 09:11:00.321 : nzosAddCertChain:entry
2020-05-06 09:11:00.322 : nzosAddCertChain:exit
2020-05-06 09:11:00.322 : nzos_SetPersona:exit
2020-05-06 09:11:00.322 : nzosSetCredential:exit
2020-05-06 09:11:00.322 : nzos_Handshake:entry
2020-05-06 09:11:00.322 : SSL_Info:Handshake before/connect initialization (TLSv12 protocol)
2020-05-06 09:11:00.323 : nttwr:entry
2020-05-06 09:11:00.323 : nttwr:socket 924 had bytes written=166
2020-05-06 09:11:00.323 : nttwr:exit
2020-05-06 09:11:00.323 : nzosp_bio_write:processed=166, ret=0
2020-05-06 09:11:00.323 : nzbiowrite: write 166/166 bytes
2020-05-06 09:11:00.323 : 0: 16030200 a1010000 9d03025e b2e194d7 |...........^....|
16: 9b23fc0e 9bd6897c 28ff1d22 e9282f0a |.#.....|(..".(/.|
32: 845770af b370ccea af5d7a00 004ac030 |.Wp..p...]z..J.0|
48: c028c014 c02fc027 c013c02c c024c00a |.(.../.'...,.$..|
64: c02bc023 c009009d 003d0035 009c003c |.+.#.....=.5...<|
80: 002fc032 c031c02a c029c00f c00ec02e |./.2.1.*.)......|
96: c02dc026 c025c005 c004009f 009e006b |.-.&...........k|
112: 00670039 003300ff 0100002a 000a0020 |.g.9.3.....*... |
128: 001e0017 0019000d 000e0018 000b000c |................|
144: 0009000a 00150006 00070013 00010003 |................|
160: 000b0002 0100---- -------- -------- |...... |
2020-05-06 09:11:00.323 : SSL_Info:SSLv2/v3 write client hello A (TLSv11 protocol)
2020-05-06 09:11:00.323 : nttrd:entry
2020-05-06 09:11:00.323 : ntt2err:entry
2020-05-06 09:11:00.323 : ntt2err:soc 924 error - operation=5, ntresnt[0]=530, ntresnt[1]=53, ntresnt[2]=0
2020-05-06 09:11:00.323 : ntt2err:exit
2020-05-06 09:11:00.323 : nttrd:exit
2020-05-06 09:11:00.323 : nzospRead:I/O error - closing connection (-6992)
2020-05-06 09:11:00.323 : SSL_Info:error in SSLv3 read server hello A
2020-05-06 09:11:00.324 : nzos_Handshake:Handshake returned failure code -1
2020-05-06 09:11:00.324 : nzos_Handshake:exit
Any help pointing me to what the failure to open the wallet means would be greatly appreciated. Thanks.
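
An added example, not part of the original post: a small Python triage helper that reads a listener trace like the one above and reports what the TCPS (ntz) layer resolved for the TLS parameters and where it failed. The function name `summarize_tls_trace` and the `KNOWN` table are hypothetical; the two message texts are the Oracle catalog entries for the codes seen in the trace.

```python
import re

# Constructed sample: lines copied from the listener trace in the post.
SAMPLE_TRACE = r'''
2020-05-06 14:43:52.177 : ntzgsvp:no SSL version specified - using default version 0
2020-05-06 14:43:52.177 : ntzgcpp:no SSL cipher suites specified
2020-05-06 14:43:52.178 : ntzgcap:retrieved value "FALSE" for client authentication parameter
2020-05-06 14:43:52.178 : ntzGetStringParameter:found value for "wallet_location" configuration parameter: "SOURCE = (METHOD = FILE) (METHOD_DATA = (DIRECTORY = C:\App\db_home\wallet))"
2020-05-06 14:43:52.180 : ntzlogin:Wallet open failed with error 28759
2020-05-06 14:43:52.180 : ntzlogin:returning NZ error 28759 in result structure
2020-05-06 14:43:52.180 : ntzlogin:failed with error 540
'''

LINE = re.compile(r'^\d{4}-\d\d-\d\d \d\d:\d\d:\d\d\.\d+ : (\w+):(.*)$')
# Oracle error catalog texts for the two codes that appear in the post.
KNOWN = {28759: "ORA-28759: failure to open file",
         540: "TNS-00540: SSL protocol adapter failure"}

def summarize_tls_trace(text):
    """Return the TLS settings the ntz layer resolved and the errors it hit."""
    out = {"ssl_version": None, "cipher_suites": None, "client_auth": None,
           "wallet_dir": None, "errors": []}
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # skip banners and hex-dump continuation lines
        func, msg = m.groups()
        if func == "ntzgsvp" and "SSL version" in msg:
            out["ssl_version"] = "default" if msg.startswith("no SSL version") else msg
        elif func == "ntzgcpp" and "cipher suites" in msg:
            out["cipher_suites"] = "default" if msg.startswith("no SSL cipher") else msg
        elif func == "ntzgcap":
            v = re.search(r'retrieved value "(\w+)"', msg)
            out["client_auth"] = v.group(1) if v else None
        elif "wallet_location" in msg:
            d = re.search(r'DIRECTORY\s*=\s*([^)]+)\)', msg)
            out["wallet_dir"] = d.group(1).strip() if d else None
        elif func == "ntzlogin":
            e = re.search(r'error (\d+)', msg)
            if e and int(e.group(1)) not in [c for c, _ in out["errors"]]:
                code = int(e.group(1))
                out["errors"].append((code, KNOWN.get(code, "unknown code")))
    return out

if __name__ == "__main__":
    print(summarize_tls_trace(SAMPLE_TRACE))
```

On the sample, the summary shows that the trace reports no SSL version or cipher suites specified, and that the first error is raised while opening the wallet in the directory given by `wallet_dir`.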