Posted On: Feb 9, 2016

You can now use Secure Sockets Layer (SSL) and Native Network Encryption (NNE) to establish a secure network connection to all editions of Amazon RDS for Oracle. Starting with Oracle database version 11gR2, these features are no longer part of the Oracle Advanced Security option and are available in all Oracle editions supported by Amazon RDS.

SSL is an industry-standard protocol for securing network connections. It uses RSA public key cryptography in conjunction with symmetric key cryptography to provide authentication, encryption, and data integrity. Amazon RDS for Oracle creates an SSL certificate and installs the certificate on the DB instance during the instance creation process. These certificates are signed by the Amazon certificate authority and are available for download from Using SSL to Encrypt a Connection to a DB Instance page. The SSL certificate includes the DB instance endpoint in the Common Name (CN) field of the SSL certificate to guard against spoofing attacks.

Similarly, Oracle NNE encrypts data as it moves in and out of the database. Oracle NNE enables you to encrypt network traffic travelling over the Oracle Net Service using industry-standard encryption algorithms such as AES and Triple DES. 

To enable SSL for your RDS for Oracle DB Instance, you add the SSL option to an option group, and apply the Option Group to your DB Instance. Then you specify the port you want to communicate over using SSL to establish SSL connection to your RDS for Oracle DB instance. To enable Oracle NNE, you simply add the NATIVE_NETWORK_ENCRYPTION option to an option group and associate that option group with the DB instance. 

To learn more about using SSL and NNE on Amazon RDS for Oracle, please visit the documentation pages for the SSL option and the NNE option.