In order to configure our Oracle database for connectivity, our DBAs are asking us to enable the following settings to enable encryption when connecting to the database:
oracle.net.encryption_client=REQUIREDoracle.net.encryption_types_client=AES256oracle.net.crypto_checksum_client=REQUIREDoracle.net.crypto_checksum_types_client=SHA1
How we can configure the settings above in our Linux and Windows Policy Servers?
For Linux Policy Servers, the following parameters should be added in the system_odbc.ini file: EncryptionLevel=3 EncryptionTypes=AES256 DataIntegrityLevel=3 DataIntegrityTypes=SHA1
The level value 3 means the encryption and/or the data integrity check are required, and the types parameters specify which algorithms are allowed.
For Windows Policy Servers, you need to open the ODBC Data Source administrator (x32) and modify the settings for your Oracle connection using the Oracle Wire protocol driver clicking on "Configure", and going to the Advanced Security tab, where you can specify the same values as above:
Encryption Level: 3 - RequiredEncryption Types: (select the types allowed by enabling the corresponding checkboxes; in this case you only need: AES256)Data Integrity Level: 3 - RequiredData Integrity Types: (select the types allowed by enabling the corresponding checkboxes; in this case you only need: SHA1)
Note that you can use the "Test Connect" button to ensure the connection is done properly after changing the settings. After the changes are set, click the Ok button twice to save the changes.
You can find more information on these parameters at the following locations: http://media.datadirect.com/download/docs/odbc/allodbc/index.html#page/odbc%2Fencryption-types.html http://media.datadirect.com/download/docs/odbc/allodbc/index.html#page/odbc/encryption-level.html http://media.datadirect.com/download/docs/odbc/allodbc/index.html#page/odbc/data-integrity-level.html http://media.datadirect.com/download/docs/odbc/allodbc/index.html#page/odbc/data-integrity-types.html
KD : kb000016934