我们的应用程序 Unix 服务器中安装了 Oracle 19c 客户端。

当我们从应用程序 Unix 服务器连接到 19c 数据库服务器时，它按预期工作。

但是当我们尝试使用来自应用服务器的 sqlplus 连接 11gR2 数据库架构时，得到错误 ORA-12650 : No Common Encryption or data integrity algorithm

从我们的应用程序 Unix 服务器，我们使用我们使用的连接描述符进行了 tnsping。 TNSPING 在我们的应用服务器上运行良好。

etladm@myappserver992[DEV][admin] $ tnsping MYOLD_DB_DEV

TNS Ping Utility for Linux: Version 19.0.0.0.0 - Production on 15-MAR-2021 01:36:00

Copyright (c) 1997,2019,Oracle.  All rights reserved.

Used parameter files:
/u01/app/oracle/product/client/19c/network/admin/sqlnet.ora


Used TNSNAMES adapter to resolve the alias
Attempting to contact (DESCRIPTION = (ADDRESS_LIST = (ADDRESS = (PROTOCOL = TCP)(HOST =my11gr2dbserverdaas)(PORT = 1622))) (CONNECT_DATA = (SERVICE_NAME = DEV.hk.myorg.com)))
OK (450 msec)
etladm@myappserver992[DEV][admin] $

注意： 在我们的应用服务器中，由于其他模块的依赖关系，我们同时安装了 Oracle 11gR2 Oracle 客户端和 19c Oracle 客户端。但是 Unix PATH 变量设置为指向 Oracle 19c Oracle 主路径

etladm@myappserver992[DEV][~] $ echo $ORACLE_HOME
/u01/app/oracle/product/client/19c
etladm@myappserver992[DEV][~] $

sqlnet.ora 在我们的 19c 客户端管理目录中找到：

# Forces Network Data Encryption during Transit

NAMES.DIRECTORY_PATH=(EZCONNECT,TNSNAMES)
SQLNET.ENCRYPTION_CLIENT = REQUIRED
SQLNET.ENCRYPTION_TYPES_CLIENT = AES256
SQLNET.CRYPTO_CHECKSUM_CLIENT = REQUIRED
SQLNET.CRYPTO_CHECKSUM_TYPES_CLIENT = SHA256
SQLNET.ALLOWED_LOGON_VERSION_SERVER=8
SQLNET.ALLOWED_LOGON_VERSION_CLIENT=8
# SQLNET.ALLOWED_LOGON_VERSION_CLIENT=12

我们目前无法升级我们的 11gR2 数据库。所以在 sqlnet.ora 或其他地方寻找任何设置。

编辑 #1：我们可以使用 19c sqlplus 从我们的应用服务器连接到 12c Oracle DB 服务器。

etladm@myappserver992[DEV][admin] $ sqlplus username/password@my12cdbserversilos:1624/DEV.uk.myorg.com

SQL*Plus: Release 19.0.0.0.0 - Production on Mon Mar 15 01:48:17 2021
Version 19.3.0.0.0

Copyright (c) 1982,Oracle.  All rights reserved.

Last Successful login time: Mon Mar 15 2021 01:46:36 +08:00

Connected to:
Oracle Database 12c Enterprise Edition Release 12.2.0.1.0 - 64bit Production

SQL> select * from v$version;

BANNER                                                                   CON_ID
--------------------------------------------------------------------------------
Oracle Database 12c Enterprise Edition Release 12.2.0.1.0 - 64bit Production  0
PL/SQL Release 12.2.0.1.0 - Production         0
CORE    12.2.0.1.0      Production         0
TNS for Linux: Version 12.2.0.1.0 - Production       0
NLSRTL Version 12.2.0.1.0 - Production               0

SQL>

编辑 #2： 11g 服务器版本：

select * from v$version;
BANNER
----------------------------------------------------------------------------
Oracle Database 11g Enterprise Edition Release 11.2.0.4.0 - 64bit Production
PL/SQL Release 11.2.0.4.0 - Production
"CORE   11.2.0.4.0  Production"
TNS for Linux: Version 11.2.0.4.0 - Production
NLSRTL Version 11.2.0.4.0 - Production

11g 服务器中的 SQLNET.ORA：

NAMES.DIRECTORY_PATH= (TNSNAMES,LDAP,EZCONNECT)
SQLNET.ENCRYPTION_SERVER=REQUESTED
SEC_USER_AUDIT_ACTION_BANNER=/u01/app/oracle/global/scripts/BANNER/dbbanner.txt

解决方法

SQLNET.ENCRYPTION_CLIENT = REQUIRED
SQLNET.ENCRYPTION_TYPES_CLIENT = AES256
SQLNET.CRYPTO_CHECKSUM_CLIENT = REQUIRED
SQLNET.CRYPTO_CHECKSUM_TYPES_CLIENT = SHA256

SQLNET.CRYPTO_CHECKSUM_CLIENT = REQUIRED
SQLNET.CRYPTO_CHECKSUM_TYPES_CLIENT = (SHA256,SHA1)

SQLNET.ENCRYPTION_SERVER = REQUIRED
SQLNET.ENCRYPTION_TYPES_SERVER = AES256
SQLNET.CRYPTO_CHECKSUM_SERVER = REQUIRED
SQLNET.CRYPTO_CHECKSUM_TYPES_SERVER = SHA1

NAMES.DIRECTORY_PATH=(EZCONNECT,TNSNAMES)
SQLNET.ENCRYPTION_CLIENT = REQUIRED
SQLNET.ENCRYPTION_TYPES_CLIENT = (AES256,RC4_256,AES192,3DES168,AES128,RC4_128,3DES112,RC4_56,DES,RC4_40,DES40)
SQLNET.CRYPTO_CHECKSUM_CLIENT = REQUIRED
SQLNET.CRYPTO_CHECKSUM_TYPES_CLIENT =(SHA256,MD5)
SQLNET.ALLOWED_LOGON_VERSION_SERVER=8
SQLNET.ALLOWED_LOGON_VERSION_CLIENT=8