Connection Encryption in Oracle Database

To encrypt connections between a client and the database server, set the following parameters in the sqlnet.ora file ($ORACLE_HOME/network/admin/sqlnet.ora) on both the server and the client (the Oracle client must be installed on the client machine):

  • Server side:
      SQLNET.ENCRYPTION_SERVER=REQUIRED
      SQLNET.ENCRYPTION_TYPES_SERVER=(AES256)
  • Client side:
      SQLNET.ENCRYPTION_CLIENT=REQUIRED
      SQLNET.ENCRYPTION_TYPES_CLIENT=(AES256)

The ENCRYPTION_SERVER and ENCRYPTION_CLIENT parameters can each have one of these values:

  • ACCEPTED : The client or server will allow both encrypted and non-encrypted connections. This is the default if the parameter is not set.
  • REJECTED : The client or server will refuse encrypted traffic.
  • REQUESTED : The client or server will request encrypted traffic if it is possible, but will accept non-encrypted traffic if encryption is not possible.
  • REQUIRED : The client or server will only accept encrypted traffic.

The ENCRYPTION_TYPES_SERVER and ENCRYPTION_TYPES_CLIENT parameters can have these values:

  • AES256: Advanced Encryption Standard (AES). AES was approved by the National Institute of Standards and Technology (NIST) to replace Data Encryption Standard (DES). AES256 uses AES with a 256-bit key.
  • RC4_256: Rivest Cipher 4 (RC4), which is the most commonly used stream cipher that protects protocols such as Secure Sockets Layer (SSL). RC4_256 uses RC4 with a 256-bit key.
  • AES192: Uses AES with a 192-bit key.
  • 3DES168: Triple Data Encryption Standard (TDES) with the three-key option, giving a 168-bit key.
  • AES128: Uses AES with a 128-bit key.
  • RC4_128: Uses RC4 with a 128-bit key.
  • 3DES112: Uses Triple DES with the two-key (112-bit) option.
  • DES: Data Encryption Standard (DES) with a 56-bit key. Note that the National Institute of Standards and Technology (NIST) no longer recommends DES.
  • RC4_40: Uses RC4 with a 40-bit key. (Not recommended.)
  • DES40: Uses DES with a 40-bit key. (Not recommended.)
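
The following is an added example, not part of the original page or of Oracle's tooling: a Python check that reads a server and a client sqlnet.ora and reports whether the pair ends up encrypted, in plaintext, or refused, following the four mode descriptions and the algorithm list above. It assumes that an unset ENCRYPTION_TYPES list offers every algorithm named on this page and that the server's first algorithm also present in the client list is the one used; the function names and sample files are constructed for illustration.

```python
import re

# Algorithm names as listed on this page; WEAK = the ones it marks as not recommended.
ALGORITHMS = ["AES256", "RC4_256", "AES192", "3DES168", "AES128",
              "RC4_128", "3DES112", "DES", "RC4_40", "DES40"]
WEAK = {"DES", "RC4_40", "DES40"}

def parse_sqlnet(text):
    """Return {PARAMETER: VALUE} from sqlnet.ora text, ignoring # comments."""
    params = {}
    for line in text.splitlines():
        m = re.match(r"([\w.]+)\s*=\s*(.+)$", line.split("#", 1)[0].strip())
        if m:
            params[m.group(1).upper()] = m.group(2).strip().upper()
    return params

def side(text, role):
    """Return (mode, algorithm list) for role 'SERVER' or 'CLIENT'."""
    params = parse_sqlnet(text)
    mode = params.get(f"SQLNET.ENCRYPTION_{role}", "ACCEPTED")  # default per the page
    raw = params.get(f"SQLNET.ENCRYPTION_TYPES_{role}")
    # Assumption: an unset list means every algorithm above is offered.
    return mode, (re.findall(r"\w+", raw) if raw else list(ALGORITHMS))

def negotiate(server_text, client_text):
    """Return (outcome, algorithm, warnings) for a server/client sqlnet.ora pair."""
    (s_mode, s_algs), (c_mode, c_algs) = side(server_text, "SERVER"), side(client_text, "CLIENT")
    modes, warnings = {s_mode, c_mode}, []
    if s_mode != "REQUIRED":
        warnings.append(f"server mode {s_mode} permits unencrypted sessions")
    warnings += [f"server offers weak algorithm {a}" for a in s_algs if a in WEAK]
    # Assumption: the server's first algorithm that the client also lists is used.
    common = [a for a in s_algs if a in c_algs]
    if "REJECTED" in modes or not common:
        return ("FAIL" if "REQUIRED" in modes else "PLAINTEXT"), None, warnings
    if modes == {"ACCEPTED"}:
        return "PLAINTEXT", None, warnings
    return "ENCRYPTED", common[0], warnings

if __name__ == "__main__":
    # Constructed sample files: the page's server settings against three clients.
    server = "SQLNET.ENCRYPTION_SERVER=REQUIRED\nSQLNET.ENCRYPTION_TYPES_SERVER=(AES256)\n"
    clients = {"page config": "SQLNET.ENCRYPTION_CLIENT=REQUIRED\nSQLNET.ENCRYPTION_TYPES_CLIENT=(AES256)\n",
               "no settings": "",
               "rejecting":   "SQLNET.ENCRYPTION_CLIENT=REJECTED\n"}
    for name, text in clients.items():
        print(name, negotiate(server, text))
```

With the server set to REQUIRED as shown on this page, a client with no encryption settings is still encrypted and a client set to REJECTED is refused; when both sides are left at the default ACCEPTED, the session is plaintext.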