Posted On: Sep 27, 2021

Amazon Relational Database Service (Amazon RDS) for Oracle now supports four new customer-modifiable sqlnet.ora client parameters for the Oracle Native Network Encryption (NNE) option. Amazon RDS for Oracle already supports server parameters, which define encryption properties for incoming sessions. The new client parameters apply to outgoing connections, such as those used by database links.

You can use the SQLNET.ENCRYPTION_CLIENT parameter to turn encryption on for the client, SQLNET.ENCRYPTION_TYPES_CLIENT to specify a list of encryption algorithms for the client to use, SQLNET.CRYPTO_CHECKSUM_CLIENT to specify the checksum behavior for the client, and SQLNET.CRYPTO_CHECKSUM_TYPES_CLIENT to specify a list of crypto-checksum algorithms for the client to use.

Amazon RDS for Oracle has removed SHA1 and MD5 from the default list of checksum algorithms. The recommended algorithms to use in the NNE option are SHA256, SHA384, and SHA512. If you need to use SHA1 and MD5, you have to explicitly set the "SQLNET.CRYPTO_CHECKSUM_TYPES_SERVER" and "SQLNET.CRYPTO_CHECKSUM_TYPES_CLIENT" values to "SHA1" or "MD5" in the "options" parameter for the active DB connection to work.
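To find option groups that still opt back in to SHA1 or MD5, the following added example (not AWS's own code) audits JSON shaped like the output of `aws rds describe-option-groups`. The group names and sample data are constructed, and the `NATIVE_NETWORK_ENCRYPTION` option name and JSON layout are assumed to match what that command returns.

```python
import json

WEAK_CHECKSUMS = {"SHA1", "MD5"}  # removed from the RDS default list per the announcement
CHECKSUM_SETTINGS = (
    "SQLNET.CRYPTO_CHECKSUM_TYPES_SERVER",
    "SQLNET.CRYPTO_CHECKSUM_TYPES_CLIENT",
)

# Constructed sample, shaped like `aws rds describe-option-groups` output (assumed layout).
SAMPLE = json.loads("""
{"OptionGroupsList": [
  {"OptionGroupName": "legacy-links",
   "Options": [{"OptionName": "NATIVE_NETWORK_ENCRYPTION", "OptionSettings": [
     {"Name": "SQLNET.ENCRYPTION_CLIENT", "Value": "REQUIRED"},
     {"Name": "SQLNET.CRYPTO_CHECKSUM_TYPES_SERVER", "Value": "SHA256,SHA384,SHA512"},
     {"Name": "SQLNET.CRYPTO_CHECKSUM_TYPES_CLIENT", "Value": "SHA256, sha1"}]}]},
  {"OptionGroupName": "modern",
   "Options": [{"OptionName": "NATIVE_NETWORK_ENCRYPTION", "OptionSettings": [
     {"Name": "SQLNET.CRYPTO_CHECKSUM_TYPES_SERVER", "Value": "SHA512,SHA384,SHA256"},
     {"Name": "SQLNET.CRYPTO_CHECKSUM_TYPES_CLIENT", "Value": "SHA512"}]}]},
  {"OptionGroupName": "no-nne", "Options": [{"OptionName": "Timezone", "OptionSettings": []}]}
]}
""")

def weak_checksum_findings(described):
    """Return (group, setting, weak_algorithms) for each NNE checksum list naming SHA1 or MD5."""
    findings = []
    for group in described.get("OptionGroupsList", []):
        for option in group.get("Options", []):
            if option.get("OptionName") != "NATIVE_NETWORK_ENCRYPTION":
                continue  # only the NNE option carries the sqlnet.ora checksum settings
            for setting in option.get("OptionSettings", []):
                if setting.get("Name") not in CHECKSUM_SETTINGS:
                    continue
                # Values are comma-separated lists; normalise case and whitespace.
                algos = {a.strip().upper() for a in (setting.get("Value") or "").split(",")}
                weak = sorted(algos & WEAK_CHECKSUMS)
                if weak:
                    findings.append((group["OptionGroupName"], setting["Name"], weak))
    return findings

if __name__ == "__main__":
    for name, setting, weak in weak_checksum_findings(SAMPLE):
        print(f"{name}: {setting} still allows {', '.join(weak)}")
```

Both the server and client lists are checked because a database link negotiates using the client list on the outgoing side and the server list on the receiving side.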

You can change the settings of the sqlnet.ora parameters for the Oracle Native Network Encryption (NNE) option for the client as described in the Amazon RDS for Oracle documentation.

Amazon RDS for Oracle makes it easy to set up, operate, and scale Oracle database deployments in the cloud. See Amazon RDS for Oracle Pricing for up-to-date pricing and regional availability.