dbaascli netsec config

The netsec config subcommand of the dbaascli utility is used to configure Oracle Net encryption and integrity settings.

By default, database deployments on Database Classic Cloud Service are configured to enable native Oracle Net encryption and integrity. You can use the netsec config subcommand to change Oracle Net encryption and integrity settings. For detailed information on Oracle Net encryption and integrity, see "Configuring Oracle Database Network Encryption and Data Integrity" in Oracle Database Security Guide for Release 18, 12.2 or 12.1 or "Configuring Network Data Encryption and Integrity for Oracle Servers and Clients" in Database Advanced Security Administrator's Guide for Release 11.2.

If you only want to configure encryption settings, see dbaascli netsec config encryption. If you only want to configure integrity settings, see dbaascli netsec config integrity.

Execute this command as the oracle user.

dbaascli netsec config 
  --encryption_methods algorithm[,algorithm]... 
  --encryption_target client|server 
  --encryption_type accepted|rejected|requested|required 
  --integrity_clevel accepted|rejected|requested|required 
  --integrity_methods algorithm[,algorithm]... 
  --integrity_target client|server

Options of this subcommand are as follows.

Option Description

encryption_methods algorithm[,algorithm]...

The encryption_methods option is used to specify the encryption algorithm(s). Valid values are: AES128, AES192, and AES256.

encryption_target client|server

The encryption_target option is used to specify whether the encryption setting applies to the client or server. Use server.

encryption_type accepted|rejected|requested|required

The encryption_type option is used to specify the action to take when negotiating encryption.

  • rejected—Enter this value if you do not elect to enable data encryption, even if required by the client.

    In this scenario, this side of the connection specifies that data encryption is not permitted. If the client side is set to required, the connection terminates with error message ORA-12650. If the client side is set to requested, accepted or rejected, the connection continues without error and without data encryption enabled.

  • accepted—Select this value to enable data encryption if required or requested by the client.

    In this scenario, this side of the connection does not require data encryption, but it is enabled if the client side is set to required or requested. If the client side is set to required or requested, and an encryption algorithm match is found, the connection continues without error and with data encryption enabled. If the client side is set to required and no algorithm match is found, the connection terminates with error message ORA-12650.

    If the client side is set to requested and no algorithm match is found, or if the client side is set to accepted or rejected, the connection continues without error and without data encryption enabled.

  • requested—Select this value to enable data encryption if the client permits it.

    In this scenario, this side of the connection specifies that data encryption is desired but not required. Data encryption is enabled if the client side specifies accepted, requested, or required. There must be a matching algorithm available, otherwise data encryption is not enabled. If the client side specifies required and there is no matching algorithm, the connection fails.

  • required—Select this value to enable data encryption or preclude the connection.

    In this scenario, this side of the connection specifies that data encryption must be enabled. The connection fails if the client side specifies rejected or if there is no compatible algorithm.

integrity_clevel accepted|rejected|requested|required

The integrity_clevel option is used to specify the checksum level.

  • rejected—Enter this value if you do not elect to enable data integrity, even if required by the client.

    In this scenario, this side of the connection specifies that data integrity is not permitted. If the client side is set to required, the connection terminates with error message ORA-12650. If the client side is set to requested, accepted or rejected, the connection continues without error and without data integrity enabled.

  • accepted—Select this value to enable data integrity if required or requested by the client.

    In this scenario, this side of the connection does not require data integrity, but it is enabled if the client side is set to required or requested. If the client side is set to required or requested, and an integrity algorithm match is found, the connection continues without error and with data integrity enabled. If the client side is set to required and no algorithm match is found, the connection terminates with error message ORA-12650.

    If the client side is set to requested and no algorithm match is found, or if the client side is set to accepted or rejected, the connection continues without error and without data integrity enabled.

  • requested—Select this value to enable data integrity if the client permits it.

    In this scenario, this side of the connection specifies that data integrity is desired but not required. Data integrity is enabled if the client side specifies accepted, requested, or required. There must be a matching algorithm available, otherwise data integrity is not enabled. If the client side specifies required and there is no matching algorithm, the connection fails.

  • required—Select this value to enable data integrity or preclude the connection.

    In this scenario, this side of the connection specifies that data integrity must be enabled. The connection fails if the client side specifies rejected or if there is no compatible algorithm.

integrity_methods algorithm[,algorithm]...

The integrity_methods option is used to specify the integrity algorithm. Valid values are: SHA1, SHA256, SHA384, and SHA512. SHA1 is the only algorithm supported by Oracle Database 11g.

integrity_target client|server

The integrity_target option is used to specify whether the integrity setting applies to the client or server. Use server.
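
The negotiation rules described above for encryption_type and integrity_clevel can be modelled to see, for each server-side value, which client settings still end in an unprotected session. This is an added example, not Oracle code and not part of the original page; the function names are hypothetical, the algorithm lists are constructed sample values, and choosing the first server-listed algorithm the client also offers is an assumption (the page only says a match must exist).

```python
# Added illustration: models the negotiation outcomes described for
# encryption_type / integrity_clevel. Not Oracle code.
SETTINGS = ("accepted", "rejected", "requested", "required")


def pick_algorithm(server_algs, client_algs):
    # Assumption: the first entry in the server's list that the client also
    # offers is chosen. The page only says a "match" must exist.
    for alg in server_algs:
        if alg in client_algs:
            return alg
    return None


def negotiate(server, client, server_algs, client_algs):
    """Return (outcome, algorithm); outcome is 'protected', 'cleartext' or 'fail'."""
    if server not in SETTINGS or client not in SETTINGS:
        raise ValueError("setting must be one of %s" % (SETTINGS,))
    pair = {server, client}
    if "rejected" in pair:
        # One side forbids the service: a 'required' peer cannot connect,
        # any other peer connects without protection.
        return ("fail", None) if "required" in pair else ("cleartext", None)
    if pair == {"accepted"}:
        return ("cleartext", None)  # neither side asks for the service
    alg = pick_algorithm(server_algs, client_algs)
    if alg:
        return ("protected", alg)
    # No common algorithm: fatal only when one side insists on protection.
    return ("fail", None) if "required" in pair else ("cleartext", None)


def unprotected_clients(server, server_algs, client_algs):
    """Client settings that still yield an unprotected session."""
    return [c for c in SETTINGS
            if negotiate(server, c, server_algs, client_algs)[0] == "cleartext"]


if __name__ == "__main__":
    server_algs = ["AES256", "AES192"]   # constructed sample values
    client_algs = ["AES128", "AES256"]
    for s in SETTINGS:
        print(s, "->", unprotected_clients(s, server_algs, client_algs))
```

Only required on the server side leaves no client setting that results in an unprotected session; with accepted or requested, the outcome depends on what the client asks for.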