dbaascli netsec config encryption

The netsec config encryption subcommand of the dbaascli utility is used to configure Oracle Net encryption settings.

By default, database deployments on Database Cloud Service are configured to enable native Oracle Net encryption and integrity. You can use the netsec config encryption subcommand to change Oracle Net encryption settings. See "Configuring Oracle Database Network Encryption and Data Integrity" in Oracle Database Security Guide for Release 18, 12.2 or 12.1 or "Configuring Network Data Encryption and Integrity for Oracle Servers and Clients" in Database Advanced Security Administrator's Guide for Release 11.2 for detailed information on Oracle Net encryption.

Execute this command as the oracle user.

dbaascli netsec config encryption 
  --methods algorithm[,algorithm]... 
  --target client|server 
  --type accepted|rejected|requested|required

Options of this subcommand are as follows.

Option Description

methods algorithm[,algorithm]...

The methods option is used to specify the encryption algorithm(s). Valid values are: AES128, AES192, and AES256.

target client|server

The target option is used to specify whether the encryption setting applies to the client or server. Use server.

type accepted|rejected|requested|required

The type option is used to specify the action to take when negotiating encryption.

  • rejected—Enter this value to disable data encryption, even if the client requires it.

    In this scenario, this side of the connection specifies that data encryption is not permitted. If the client side is set to required, the connection terminates with error message ORA-12650. If the client side is set to requested, accepted or rejected, the connection continues without error and without data encryption enabled.

  • accepted—Select this value to enable data encryption if required or requested by the client.

    In this scenario, this side of the connection does not require data encryption, but it is enabled if the client side is set to required or requested. If the client side is set to required or requested, and an encryption algorithm match is found, the connection continues without error and with data encryption enabled. If the client side is set to required and no algorithm match is found, the connection terminates with error message ORA-12650.

    If the client side is set to requested and no algorithm match is found, or if the client side is set to accepted or rejected, the connection continues without error and without data encryption enabled.

  • requested—Select this value to enable data encryption if the client permits it.

    In this scenario, this side of the connection specifies that data encryption is desired but not required. Data encryption is enabled if the client side specifies accepted, requested, or required. There must be a matching algorithm available, otherwise data encryption is not enabled. If the client side specifies required and there is no matching algorithm, the connection fails.

  • required—Select this value to enable data encryption or preclude the connection.

    In this scenario, this side of the connection specifies that data encryption must be enabled. The connection fails if the client side specifies rejected or if there is no compatible algorithm.
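The negotiation rules above can be checked as a truth table before changing the server setting. The following Python sketch is an added example, not Oracle code or part of dbaascli; it models only the outcomes this page describes, and its function and constant names are hypothetical.

```python
# Added example: models the outcomes described on this page only.
ENCRYPTED, UNENCRYPTED, FAILS = "encrypted", "unencrypted", "fails"
TYPES = ("accepted", "rejected", "requested", "required")
VALID_METHODS = ("AES128", "AES192", "AES256")  # values the page lists for --methods


def negotiate(server_type, client_type, server_methods, client_methods):
    """Return the session outcome for one server/client pair of settings."""
    for t in (server_type, client_type):
        if t not in TYPES:
            raise ValueError(f"unknown type: {t}")
    types = {server_type, client_type}
    if "rejected" in types:
        # One side forbids encryption: fatal only if the other side insists on it.
        return FAILS if "required" in types else UNENCRYPTED
    if types == {"accepted"}:
        # Neither side asks for encryption, so none is enabled.
        return UNENCRYPTED
    # At least one side requested or required encryption: an algorithm must match.
    if set(server_methods) & set(client_methods):
        return ENCRYPTED
    return FAILS if "required" in types else UNENCRYPTED


def unencrypted_clients(server_type, server_methods, client_methods=VALID_METHODS):
    """Client type values that still get an unencrypted session from this server."""
    return [c for c in TYPES
            if negotiate(server_type, c, server_methods, client_methods) == UNENCRYPTED]


if __name__ == "__main__":
    # Constructed audit: the server offers AES256 only, the client all three methods.
    for server_type in TYPES:
        print(f"{server_type:9} -> unencrypted for clients set to:",
              unencrypted_clients(server_type, ["AES256"]) or "none")
    # Constructed mismatch: requested on both sides, no shared algorithm.
    print(negotiate("requested", "requested", ["AES256"], ["AES128"]))
```

Under these rules, required is the only server setting for which no client setting produces an unencrypted session; with requested, a client that shares no algorithm with the server still connects without encryption.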