NATIVE_NETWORK_ENCRYPTION option settings
You can specify encryption requirements on both the server and the client. The DB instance can act as a client
when, for example, it uses a database link to connect to another database. You might want to avoid forcing
encryption on the server side. For example, you might not want to force all client communications to use
encryption because the server requires it. In this case, you can force encryption on the client side using the
SQLNET.*CLIENT
options.
Amazon RDS supports the following settings for the NATIVE_NETWORK_ENCRYPTION
option.
Note
When you use commas to separate values for an option setting, don't put a space after the comma.
Option setting | Valid values | Default values | Description |
---|---|---|---|
|
|
|
The behavior of the server when a client using a non-secure cipher attempts to connect to
the database. If If the setting is
|
|
|
|
The behavior of the server when a client using a non-secure cipher attempts to connect to the database. The following ciphers are considered not secure:
If the setting is If the setting is
|
|
|
|
The data integrity behavior when a DB instance connects to the client, or a server acting as a client. When a DB instance uses a database link, it acts as a client.
|
|
|
|
The data integrity behavior when a client, or a server acting as a client, connects to the DB instance. When a DB instance uses a database link, it acts as a client.
|
|
|
|
A list of checksum algorithms. You can specify either one value or a comma-separated list of values. If you use a comma,
don't insert a space after the comma; otherwise, you receive an
This parameter and |
|
|
|
A list of checksum algorithms. You can specify either one value or a comma-separated list of values. If you use a comma,
don't insert a space after the comma; otherwise, you receive an
This parameter and |
|
|
|
The encryption behavior of the client when a client, or a server acting as a client, connects to the DB instance. When a DB instance uses a database link, it acts as a client.
|
|
|
|
The encryption behavior of the server when a client, or a server acting as a client, connects to the DB instance. When a DB instance uses a database link, it acts as a client.
|
|
|
|
A list of encryption algorithms used by the client. The client attempts to decrypt the server input by trying each algorithm in order, proceeding until an algorithm succeeds or the end of the list is reached. Amazon RDS uses the following default list from Oracle. RDS starts with
You can specify either one value or a comma-separated list of values. If you a comma, don't
insert a space after the comma; otherwise, you receive an This parameter and |
|
|
|
A list of encryption algorithms used by the DB instance. The DB instance uses each algorithm, in order, to attempt to decrypt the client input until an algorithm succeeds or until the end of the list is reached. Amazon RDS uses the following default list from Oracle. You can change the order or limit the algorithms that the client will accept.
You can specify either one value or a comma-separated list of values. If you a comma, don't
insert a space after the comma; otherwise, you receive an This parameter and |