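Symptom: the TNS listener running on port 2484 does not respond to the client hello at all. It sends a FIN and closes the connection gracefully. My goal is to get a full SSL handshake on the wire.
My Oracle Database 19c is on Windows 10.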
listener.ora
SID_LIST_LISTENER =
  (SID_LIST =
    (SID_DESC =
      (SID_NAME = CLRExtProc)
      (ORACLE_HOME = C:\App\db_home)
      (PROGRAM = extproc)
      (ENVS = "EXTPROC_DLLS=ONLY:C:\App\db_home\bin\oraclr19.dll")
    )
  )
SSL_CLIENT_AUTHENTICATION = FALSE
WALLET_LOCATION =
  (SOURCE =
    (METHOD = FILE)
    (METHOD_DATA =
      (DIRECTORY = C:\App\db_home\wallet)
    )
  )
LISTENER =
  (DESCRIPTION_LIST =
    (DESCRIPTION =
      (ADDRESS = (PROTOCOL = TCP)(HOST = WIN-10-ORACL-DB)(PORT = 1521))
    )
    (DESCRIPTION =
      (ADDRESS = (PROTOCOL = TCPS)(HOST = WIN-10-ORACL-DB)(PORT = 2484))
    )
    (DESCRIPTION =
      (ADDRESS = (PROTOCOL = IPC)(KEY = EXTPROC1521))
    )
  )
ADR_BASE_LISTENER = C:\App\db_home\log
sqlnet.ora
SQLNET.AUTHENTICATION_SERVICES= (BEQ, TCPS, NTS)
SSL_VERSION = 0
NAMES.DIRECTORY_PATH= (TNSNAMES, EZCONNECT)
SSL_CLIENT_AUTHENTICATION = FALSE
SQLNET.ENCRYPTION_TYPES_SERVER= (AES256)
WALLET_LOCATION =
  (SOURCE =
    (METHOD = FILE)
    (METHOD_DATA =
      (DIRECTORY = C:\App\db_home\wallet)
    )
  )
SSL_CIPHER_SUITES= (SSL_RSA_WITH_AES_128_GCM_SHA256, SSL_RSA_WITH_AES_128_CBC_SHA256, SSL_ECDHE_ECDSA_WITH_AES_256_CBC_SHA)
ADR_BASE = C:\App\db_home\log
tnsnames.ora
LISTENER_ORCL =
  (ADDRESS = (PROTOCOL = TCP)(HOST = WIN-10-ORACL-DB)(PORT = 1521))
ORACLR_CONNECTION_DATA =
  (DESCRIPTION =
    (ADDRESS_LIST =
      (ADDRESS = (PROTOCOL = IPC)(KEY = EXTPROC1521))
    )
    (CONNECT_DATA =
      (SID = CLRExtProc)
      (PRESENTATION = RO)
    )
  )
ORCL =
  (DESCRIPTION =
    (ADDRESS_LIST =
      (ADDRESS = (PROTOCOL = TCP)(HOST = WIN-10-ORACL-DB)(PORT = 1521))
      (ADDRESS = (PROTOCOL = TCPS)(HOST = WIN-10-ORACL-DB)(PORT = 2484))
    )
    (CONNECT_DATA =
      (SERVER = DEDICATED)
      (SERVICE_NAME = orcl.greenbuff.local)
    )
  )
tracefile (located in C:\App\db_home\log\diag\tnslssnr\WIN-10-ORACL-db\elistener\trace)
CONNECTION REQUEST
2020-05-06 14:43:52.172 : nsgetaddr:entry
2020-05-06 14:43:52.172 : nttaddr2bnd:entry
2020-05-06 14:43:52.172 : snlinGetNameInfo:entry
2020-05-06 14:43:52.172 : snlinGetNameInfo:exit
2020-05-06 14:43:52.172 : nttaddr2bnd:Resolved to ::
2020-05-06 14:43:52.172 : nttaddr2bnd:exit
2020-05-06 14:43:52.173 : nsevfnt:cxd: 0xcc4405b0 cid=2 stage 0: NS events set:
INCOMING CALL
2020-05-06 14:43:52.173 : nsevrec:event is 0x1, on 2
2020-05-06 14:43:52.173 : nsevwait:1 posted event(s)
2020-05-06 14:43:52.173 : nsevwait:exit (0)
2020-05-06 14:43:52.173 : nsglhe:entry
2020-05-06 14:43:52.173 : nsglhe:Event on cxd 0xcc4405b0.
2020-05-06 14:43:52.173 : nsglhc:Allocating cxd 0xcc4bf0b0
2020-05-06 14:43:52.173 : nsanswer:entry
2020-05-06 14:43:52.173 : nsopen:entry
2020-05-06 14:43:52.173 : nsmal:entry
2020-05-06 14:43:52.173 : nsmal:1920 bytes at 0xcc620bf0
2020-05-06 14:43:52.173 : nsmal:normal exit
2020-05-06 14:43:52.173 : nsopenmplx:entry
2020-05-06 14:43:52.174 : nsmal:entry
2020-05-06 14:43:52.174 : nsmal:3552 bytes at 0xcc524250
2020-05-06 14:43:52.174 : nsmal:normal exit
2020-05-06 14:43:52.174 : nsiorini:entry
2020-05-06 14:43:52.174 : nsbal:entry
2020-05-06 14:43:52.174 : nsbgetfl:entry
2020-05-06 14:43:52.174 : nsbgetfl:normal exit
2020-05-06 14:43:52.174 : nsbal:normal exit
2020-05-06 14:43:52.174 : nsiorini:exit (0)
2020-05-06 14:43:52.174 : nscpxget:entry
2020-05-06 14:43:52.174 : nscpxget:normal exit
2020-05-06 14:43:52.175 : nsopenmplx:normal exit
2020-05-06 14:43:52.175 : nstoSetupTimeout:entry
2020-05-06 14:43:52.175 : nstoSetupTimeout:ATO enabled for ctx=0x00000286CC620BF0, val=60000(millisecs)
2020-05-06 14:43:52.175 : nstoUpdateActive:entry
2020-05-06 14:43:52.175 : nstoUpdateActive:Active timeout is 0 (see nstotyp)
2020-05-06 14:43:52.175 : nsopen:opening transport...
2020-05-06 14:43:52.175 : ntzconnect:entry
2020-05-06 14:43:52.175 : ntzCreateConnection:entry
2020-05-06 14:43:52.175 : nttcon:entry
2020-05-06 14:43:52.175 : nttcon:toc = 3
2020-05-06 14:43:52.175 : nttcnp:entry
2020-05-06 14:43:52.175 : nttcnp:getting sockname
2020-05-06 14:43:52.175 : nttcnp:getting peername
2020-05-06 14:43:52.175 : nttcnp:exit
2020-05-06 14:43:52.175 : nttcnr:entry
2020-05-06 14:43:52.175 : nttcnr:waiting to accept a connection.
2020-05-06 14:43:52.176 : nttcnr:getting sockname
2020-05-06 14:43:52.176 : snlinGetNameInfo:entry
2020-05-06 14:43:52.176 : snlinGetNameInfo:exit
2020-05-06 14:43:52.176 : nttcnr:connected on source ipaddr 172.20.191.102 port 2484
2020-05-06 14:43:52.176 : snlinGetNameInfo:entry
2020-05-06 14:43:52.176 : snlinGetNameInfo:exit
2020-05-06 14:43:52.176 : nttcnr:connected on destination ipaddr 172.20.191.101 port 53020
2020-05-06 14:43:52.176 : nttvlser:entry
2020-05-06 14:43:52.176 : nlvlsern:entry
2020-05-06 14:43:52.176 : snlinGetNameInfo:entry
2020-05-06 14:43:52.176 : snlinGetNameInfo:exit
2020-05-06 14:43:52.176 : nttvlser:valid node check on incoming node 172.20.191.101
2020-05-06 14:43:52.176 : nttvlser:Accepted Entry: 172.20.191.101
2020-05-06 14:43:52.176 : nttcnr:exit
2020-05-06 14:43:52.176 : nttctl:entry
2020-05-06 14:43:52.176 : nttctl:Setting connection into nodelay mode
2020-05-06 14:43:52.176 : nttctl:set TCP_NODELAY on 1332
2020-05-06 14:43:52.176 : nttcon:exit
2020-05-06 14:43:52.176 : ntzAllocate:entry
2020-05-06 14:43:52.176 : ntzAllocate:allocating 312 bytes of memory.
2020-05-06 14:43:52.177 : ntzAllocate:exit
2020-05-06 14:43:52.177 : ntzAllocate:entry
2020-05-06 14:43:52.177 : ntzAllocate:allocating 2097152 bytes of memory.
2020-05-06 14:43:52.177 : ntzAllocate:exit
2020-05-06 14:43:52.177 : ntzAllocate:entry
2020-05-06 14:43:52.177 : ntzAllocate:allocating 2097152 bytes of memory.
2020-05-06 14:43:52.177 : ntzAllocate:exit
2020-05-06 14:43:52.177 : ntzConfigure:entry
2020-05-06 14:43:52.177 : ntzgsvp:entry
2020-05-06 14:43:52.177 : ntzGetStringParameter:entry
2020-05-06 14:43:52.177 : ntzGetStringParameter:exit
2020-05-06 14:43:52.177 : ntzgsvp:no SSL version specified - using default version 0
2020-05-06 14:43:52.177 : ntzgsvp:exit
2020-05-06 14:43:52.177 : ntzgcpp:entry
2020-05-06 14:43:52.177 : ntzgcpp:no SSL cipher suites specified
2020-05-06 14:43:52.177 : ntzgcpp:exit
2020-05-06 14:43:52.177 : ntzgcap:entry
2020-05-06 14:43:52.178 : ntzgcap:retrieved value "FALSE" for client authentication parameter
2020-05-06 14:43:52.178 : ntzgcap:exit
2020-05-06 14:43:52.178 : ntzgwrl:entry
2020-05-06 14:43:52.178 : ntzgwrlFromFile:entry
2020-05-06 14:43:52.178 : ntzGetStringParameter:entry
2020-05-06 14:43:52.178 : ntzGetStringParameter:found value for "wallet_location" configuration parameter: "SOURCE = (METHOD = FILE) (METHOD_DATA = (DIRECTORY = C:Appdb_homewallet))"
2020-05-06 14:43:52.178 : ntzGetStringParameter:exit
2020-05-06 14:43:52.178 : ntzAllocate:entry
2020-05-06 14:43:52.178 : ntzAllocate:allocating 79 bytes of memory.
2020-05-06 14:43:52.178 : ntzAllocate:exit
2020-05-06 14:43:52.178 : ntzAllocate:entry
2020-05-06 14:43:52.178 : ntzAllocate:allocating 30 bytes of memory.
2020-05-06 14:43:52.178 : ntzAllocate:exit
2020-05-06 14:43:52.178 : ntzgwrlFromFile:exit
2020-05-06 14:43:52.178 : ntzgwrl:exit
2020-05-06 14:43:52.178 : ntzGetWRLFromDatabaseCallback:entry
2020-05-06 14:43:52.178 : ntzGetWRLFromDatabaseCallback:SERVICE_NAME available and WRL type is NZTTWRL_FILE, checking to see if per-PDB wallet for TLS is available.
2020-05-06 14:43:52.178 : ntzGetWRLFromDatabaseCallback:exit
2020-05-06 14:43:52.178 : ntzGetAllowedCertsParam:entry
2020-05-06 14:43:52.178 : ntzGetBooleanParameter:entry
2020-05-06 14:43:52.178 : ntzGetBooleanParameter:exit
2020-05-06 14:43:52.178 : ntzGetBooleanParameter:entry
2020-05-06 14:43:52.178 : ntzGetBooleanParameter:exit
2020-05-06 14:43:52.179 : ntzGetAllowedCertsParam:exit
2020-05-06 14:43:52.179 : ntzscr:entry
2020-05-06 14:43:52.179 : ntzGetStringParameter:entry
2020-05-06 14:43:52.179 : ntzGetStringParameter:exit
2020-05-06 14:43:52.179 : ntzGetStringParameter:entry
2020-05-06 14:43:52.179 : ntzGetStringParameter:exit
2020-05-06 14:43:52.179 : ntzGetStringParameter:entry
2020-05-06 14:43:52.179 : ntzGetStringParameter:exit
2020-05-06 14:43:52.179 : ntzscr:exit
2020-05-06 14:43:52.179 : ntzlogin:entry
2020-05-06 14:43:52.180 : ntzlogin:Wallet open failed with error 28759
2020-05-06 14:43:52.180 : ntzlogin:returning NZ error 28759 in result structure
2020-05-06 14:43:52.180 : ntzlogin:failed with error 540
2020-05-06 14:43:52.180 : ntzlogin:exit
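The end of this trace file shows how it exits and returns an error.
Although the client does not matter in this case, I set up a client to talk to the server in order to generate traffic. I get: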
ERROR:
ORA-28864: SSL connection closed gracefully
SP2-0751: Unable to connect to Oracle. Exiting SQL*Plus
I have also included part of the client trace file below, which shows the read error because there is no response to the client hello.
2020-05-06 09:11:00.320 : nzosSetCipherSuite:Setting ciphers to ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:AES256-GCM-SHA384:AES256-SHA256:AES256-SHA:AES128-GCM-SHA256:AES128-SHA256:AES128-SHA:ECDH-RSA-AES256-GCM-SHA384:ECDH-RSA-AES128-GCM-SHA256:ECDH-RSA-AES256-SHA384:ECDH-RSA-AES128-SHA256:ECDH-RSA-AES256-SHA:ECDH-RSA-AES128-SHA:ECDH-ECDSA-AES256-GCM-SHA384:ECDH-ECDSA-AES128-GCM-SHA256:ECDH-ECDSA-AES256-SHA384:ECDH-ECDSA-AES128-SHA256:ECDH-ECDSA-AES256-SHA:ECDH-ECDSA-AES128-SHA:EDH-RSA-AES256-GCM-SHA384:EDH-RSA-AES128-GCM-SHA256:EDH-RSA-AES256-SHA256:EDH-RSA-AES128-SHA256:EDH-RSA-AES256-SHA:EDH-RSA-AES128-SHA
2020-05-06 09:11:00.321 : nzosSetCipherSuite:exit
2020-05-06 09:11:00.321 : nzos_SetPersona:entry
2020-05-06 09:11:00.321 : nzosAddCertChain:entry
2020-05-06 09:11:00.322 : nzosAddCertChain:exit
2020-05-06 09:11:00.322 : nzos_SetPersona:exit
2020-05-06 09:11:00.322 : nzosSetCredential:exit
2020-05-06 09:11:00.322 : nzos_Handshake:entry
2020-05-06 09:11:00.322 : SSL_Info:Handshake before/connect initialization (TLSv12 protocol)
2020-05-06 09:11:00.323 : nttwr:entry
2020-05-06 09:11:00.323 : nttwr:socket 924 had bytes written=166
2020-05-06 09:11:00.323 : nttwr:exit
2020-05-06 09:11:00.323 : nzosp_bio_write:processed=166, ret=0
2020-05-06 09:11:00.323 : nzbiowrite: write 166/166 bytes
2020-05-06 09:11:00.323 : 0: 16030200 a1010000 9d03025e b2e194d7 |...........^....|
16: 9b23fc0e 9bd6897c 28ff1d22 e9282f0a |.#.....|(..".(/.|
32: 845770af b370ccea af5d7a00 004ac030 |.Wp..p...]z..J.0|
48: c028c014 c02fc027 c013c02c c024c00a |.(.../.'...,.$..|
64: c02bc023 c009009d 003d0035 009c003c |.+.#.....=.5...<|
80: 002fc032 c031c02a c029c00f c00ec02e |./.2.1.*.)......|
96: c02dc026 c025c005 c004009f 009e006b |.-.&...........k|
112: 00670039 003300ff 0100002a 000a0020 |.g.9.3.....*... |
128: 001e0017 0019000d 000e0018 000b000c |................|
144: 0009000a 00150006 00070013 00010003 |................|
160: 000b0002 0100---- -------- -------- |...... |
2020-05-06 09:11:00.323 : SSL_Info:SSLv2/v3 write client hello A (TLSv11 protocol)
2020-05-06 09:11:00.323 : nttrd:entry
2020-05-06 09:11:00.323 : ntt2err:entry
2020-05-06 09:11:00.323 : ntt2err:soc 924 error - operation=5, ntresnt[0]=530, ntresnt[1]=53, ntresnt[2]=0
2020-05-06 09:11:00.323 : ntt2err:exit
2020-05-06 09:11:00.323 : nttrd:exit
2020-05-06 09:11:00.323 : nzospRead:I/O error - closing connection (-6992)
2020-05-06 09:11:00.323 : SSL_Info:error in SSLv3 read server hello A
2020-05-06 09:11:00.324 : nzos_Handshake:Handshake returned failure code -1
2020-05-06 09:11:00.324 : nzos_Handshake:exit
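Any help in understanding what the failure to open the wallet means would be greatly appreciated. Thanks.
For anyone this post may help: I found the answer. After pondering the vague "wallet open failed" error message, I started thinking about why the wallet could not be read. I checked the actual location of the required wallet, compared it with the location specified in the configuration files, and looked for typos. Then I figured permissions might be the problem, so I went ahead and enabled inheritance on every individual file in the wallet directory and restarted the listener. Voila, it worked.
I ran into the same error and resolved it with the same action. Now, every time I create a new wallet, I have to do the same thing (enable permission inheritance on every individual file), but strangely, I checked the permissions on the ewallet.p12 file and it had read permission.
But now I am facing a new error: the SSL handshake fails with error 28862. Part of the trace file: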
2023-08-10 02:59:47.785 : nzos_Handshake:entry
2023-08-10 02:59:47.785 : SSL_Info:Handshake before/accept initialization (TLSv12 protocol)
2023-08-10 02:59:47.785 : nttrd:entry
2023-08-10 02:59:47.785 : ntt2err:entry
2023-08-10 02:59:47.785 : ntt2err:soc 1196 error - operation=5, ntresnt[0]=517, ntresnt[1]=54, ntresnt[2]=0
2023-08-10 02:59:47.785 : ntt2err:exit
2023-08-10 02:59:47.785 : nttrd:exit
2023-08-10 02:59:47.785 : nzospRead:I/O error - closing connection (-6992)
2023-08-10 02:59:47.785 : SSL_Info:error in SSLv2/v3 read client hello A
2023-08-10 02:59:47.785 : nzos_Handshake:Handshake returned failure code -1
2023-08-10 02:59:47.785 : nzos_Handshake:exit
2023-08-10 02:59:47.785 : ntzdosecneg:SSL handshake failed with error 28862.
2023-08-10 02:59:47.786 : ntzdosecneg:exit
2023-08-10 02:59:47.786 : ntzcontrol:failed with error 542
2023-08-10 02:59:47.786 : ntzcontrol:exit
Have you encountered the same error? Appreciated.
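A small triage helper for listener traces like the two quoted in this thread, added here as an example (it is not code from any of the posts): it pulls out the wallet directory the listener read and tells a wallet-open failure apart from a handshake failure. The names `triage` and `next_check` and the stage labels are this example's own; the sample lines are copied from the traces above.

```python
import re

# Trace line shape on this page: "<date> <time> : <function>:<message>"
LINE = re.compile(r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d\.\d+) : (\w+):(.*)$")
WALLET_DIR = re.compile(r'"wallet_location".*DIRECTORY\s*=\s*([^)]+)\)')
RULES = [  # (function, message pattern, stage label chosen for this example)
    ("ntzlogin", re.compile(r"Wallet open failed with error (\d+)"), "wallet-open"),
    ("ntzdosecneg", re.compile(r"SSL handshake failed with error (\d+)"), "handshake"),
]
# Sample lines copied from the two listener traces quoted in the thread.
TRACE_2020 = """\
2020-05-06 14:43:52.178 : ntzGetStringParameter:found value for "wallet_location" configuration parameter: "SOURCE = (METHOD = FILE) (METHOD_DATA = (DIRECTORY = C:Appdb_homewallet))"
2020-05-06 14:43:52.180 : ntzlogin:Wallet open failed with error 28759
2020-05-06 14:43:52.180 : ntzlogin:failed with error 540
"""
TRACE_2023 = """\
2023-08-10 02:59:47.785 : SSL_Info:error in SSLv2/v3 read client hello A
2023-08-10 02:59:47.785 : ntzdosecneg:SSL handshake failed with error 28862.
2023-08-10 02:59:47.786 : ntzcontrol:failed with error 542
"""

def triage(trace_text):
    """Return the wallet directory the listener read and every TCPS failure found."""
    result = {"wallet_dir": None, "failures": []}
    for raw in trace_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # lines without a timestamp (hex dump rows, "INCOMING CALL")
        ts, func, msg = m.groups()
        found = WALLET_DIR.search(msg)
        if func == "ntzGetStringParameter" and found:
            result["wallet_dir"] = found.group(1).strip()
        for rule_func, pattern, stage in RULES:
            hit = pattern.search(msg)
            if func == rule_func and hit:
                result["failures"].append((ts, stage, int(hit.group(1))))
    return result

def next_check(result):
    """Suggest where to look first, following the fix described in this thread."""
    stages = [stage for _, stage, _ in result["failures"]]
    if "wallet-open" in stages:
        return ("wallet: compare %r with the real wallet path, then check file "
                "permissions (inheritance) on every file in it" % result["wallet_dir"])
    if "handshake" in stages:
        return "handshake: read the SSL_Info lines just before the failure"
    return "no TCPS failure lines matched"

if __name__ == "__main__":
    print([next_check(triage(t)) for t in (TRACE_2020, TRACE_2023)])
```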