Unable to connect to Oracle Database which is SHA512 encryption enabled on both Oracle Server and cl

Jyothsna-Oracle Member Posts: 6
edited Dec 22, 2018 9:25PM in Python

This is the setting on oracle server's sqlnet.ora

**************$ORACLE_HOME/network/admin/sqlnet.ora

SQLNET.ENCRYPTION_SERVER=required

SQLNET.CRYPTO_CHECKSUM_SERVER=required

SQLNET.ENCRYPTION_TYPES_SERVER=(AES256,AES192,AES128)

SQLNET.EXPIRE_TIME=10

SQLNET.WALLET_OVERRIDE=FALSE

WALLET_LOCATION=(SOURCE=(METHOD=FILE)(METHOD_DATA=(DIRECTORY=/u02/app/oracle/admin/EXA00013/db_wallet)))

SSL_VERSION=1.2

SQLNET.CRYPTO_CHECKSUM_TYPES_SERVER=(SHA512)

SQLNET.CRYPTO_CHECKSUM_TYPES_CLIENT=(SHA512)

ENCRYPTION_WALLET_LOCATION=(SOURCE=(METHOD=HSM)(METHOD_DATA=(DIRECTORY=/var/opt/oracle/dbaas_acfs/EXA00013/tde_wallet/)))

My python version is 2.7

cx-oracle version is 7.0

Oracle Database version is: 12.2.0.1.0

We are unable to connect to the database with the above settings enabled and are getting the error below. Any input in this regard would be appreciated.

File "/opt/dataraker/code/core/ws/dr/dal/dbOracle.py", line 329, in connect

   raise DBError("Error connecting to DB for env %s : %s" % (self.envName,exc))

dr.dal.dbOracle.DBError: 'Error connecting to DB for env odr : Traceback (most recent call last):\n  File "/opt/dataraker/code/core/ws/dr/dal/dbOracle.py", line 322, in connect\n    self.conn = self.envObj.getDBConnOracle()\n  File "/opt/dataraker/code/core/ws/dr/util/misc.py", line 332, in getDBConnOracle\n    dsn=cx_Oracle.makedsn(self.obj[\'db_conf\'][\'host\'],self.obj[\'db_conf\'][\'port\'],service_name=self.obj[\'db_conf\'][\'serviceName\']))\nDatabaseError: ORA-12650: No common encryption or data integrity algorithm\n\n'

Answers

  • Richard C Evans-Oracle
    Richard C Evans-Oracle Member Posts: 2
    edited Dec 10, 2018 1:12AM

    Hi, Some questions first:

    Can you help me understand why you're setting WALLET_LOCATION? EXPIRE_TIME? SSL_VERSION?

    Where does the client reside in relation to the DB? Same server / different server?

    You have a lot of lines in your sqlnet.ora that we would not advise you to set manually anymore. For example, anything CLIENT shouldn't be set on the DB server. All of these SQLNET.* parameters will default automatically to parameters that lead the client and database to create an encrypted session.

    What happens if you remove all of the SQLNET.* parameters and run the program? Does it work? If so, can you query the NETWORK_SERVICE_BANNER column of the database view V$SESSION_CONNECT_INFO to verify the encryption status of a connection? If both the client and the database are set to "requested" (the default) then the connection should show encrypted and the level of encryption (probably AES256).

    Can you let us know what happens?

    Regards,

    Rich

  • Gaz in Oz
    Gaz in Oz Member Posts: 3,785 Bronze Crown
    edited Dec 22, 2018 9:25PM

    The error message full text states:

    $ oerr ORA 12650
    12650, 00000, "No common encryption or data integrity algorithm"
    // *Cause:  The client and server have no algorithm in common for
    //          either encryption or data integrity or both.
    // *Action: Choose sets of algorithms that overlap.  In other words,
    //          add one of the client's algorithm choices to the server's
    //          list or vice versa.

    ...so is that your problem, sqlnet.ora on client and server have conflicting values set up?

    What Oracle documentation did you use as a reference for setting up your TDE security?

    Have you got Oracle Client libraries accessible in your PATH (windows) or LD_LIBRARY_PATH (Linux)?

    Before getting caught up with trying to get python/cx_Oracle working, it'll be simpler to do it with sqlplus first.
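
The overlap rule behind ORA-12650, and the point that `*_CLIENT` lines in the server's sqlnet.ora do not describe the real client, can be checked offline with the sketch below. It is an added example, not code from the thread or from Oracle: the function names are hypothetical, the client file is constructed (the thread never shows it), and it assumes every level and type list is set explicitly in both files, so defaults are not modelled.

```python
import re
# Server-side values copied from the sqlnet.ora in the question.
SERVER_ORA = """
SQLNET.ENCRYPTION_SERVER=required
SQLNET.CRYPTO_CHECKSUM_SERVER=required
SQLNET.ENCRYPTION_TYPES_SERVER=(AES256,AES192,AES128)
SQLNET.CRYPTO_CHECKSUM_TYPES_SERVER=(SHA512)
SQLNET.CRYPTO_CHECKSUM_TYPES_CLIENT=(SHA512)
"""
# Constructed client-side file; the thread never shows the real one.
CLIENT_ORA = """
SQLNET.ENCRYPTION_CLIENT=requested
SQLNET.CRYPTO_CHECKSUM_CLIENT=requested
SQLNET.ENCRYPTION_TYPES_CLIENT=(AES256)
SQLNET.CRYPTO_CHECKSUM_TYPES_CLIENT=(SHA1)
"""

def parse_sqlnet(text):
    """Map upper-cased parameter names to lists of upper-cased values."""
    cfg = {}
    for line in text.splitlines():
        m = re.match(r"\s*([\w.]+)\s*=\s*\(?([^()#]*)\)?\s*$", line)
        if m:
            values = [v.strip().upper() for v in m.group(2).split(",")]
            cfg[m.group(1).upper()] = [v for v in values if v]
    return cfg

def negotiate(server_level, client_level, server_algs, client_algs):
    """Return the agreed algorithm, None if the service stays off, or an ORA code."""
    levels = {server_level, client_level}
    if "REJECTED" in levels:
        return "ORA-12660" if "REQUIRED" in levels else None
    if levels == {"ACCEPTED"}:
        return None
    for alg in server_algs:  # server takes the first of its list the client offers
        if alg in client_algs:
            return alg
    return "ORA-12650" if "REQUIRED" in levels else None

def check(server_text, client_text):
    """Negotiate both services; only *_SERVER keys are read from the server file."""
    s, c = parse_sqlnet(server_text), parse_sqlnet(client_text)
    out = {}
    for svc in ("ENCRYPTION", "CRYPTO_CHECKSUM"):
        out[svc] = negotiate(s["SQLNET.%s_SERVER" % svc][0],
                             c["SQLNET.%s_CLIENT" % svc][0],
                             s["SQLNET.%s_TYPES_SERVER" % svc],
                             c["SQLNET.%s_TYPES_CLIENT" % svc])
    return out
```

With the constructed client, `check(SERVER_ORA, CLIENT_ORA)` agrees on AES256 for encryption but reports ORA-12650 for the checksum service, because the server's `SQLNET.CRYPTO_CHECKSUM_TYPES_CLIENT=(SHA512)` line is never consulted for the remote client.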