raccli update netsec

Not Oracle Cloud InfrastructureNot Oracle Cloud at Customer This topic does not apply to Oracle Cloud Infrastructure or to Oracle Cloud at Customer.

The update netsec subcommand of the raccli utility updates the Oracle Net security configuration on an Oracle Database Cloud Service database deployment that uses Oracle Real Application Clusters (RAC).
raccli update netsec {-encryption|-integrity} {-server|-client}  -type type  -algorithm algorithm

This subcommand runs synchronously.

If the subcommand fails, it reports a FAILURE status and provides a message describing the reason for the failure.

Options of this subcommand are as follows.

Option Description

-encryption

Controls whether Oracle Net Services data encryption is configured.

-integrity

Controls whether Oracle Net Services data integrity is configured.

-server

Specifies that the Oracle Net Services data encryption or data integrity configuration is for the server. Use this value.

-client

Specifies that the Oracle Net Services data encryption or data integrity configuration is for the client.

-type type

Specifies how Oracle Net Services data encryption or data integrity is negotiated with clients.

For data encryption enter one of these values:

  • rejected—Enter this value if you do not elect to enable data encryption, even if required by the client.

    In this scenario, this side of the connection specifies that data encryption is not permitted. If the client side is set to required, the connection terminates with error message ORA-12650. If the client side is set to requested, accepted or rejected, the connection continues without error and without data encryption enabled.

  • accepted—Select this value to enable data encryption if required or requested by the client.

    In this scenario, this side of the connection does not require data encryption, but it is enabled if the client side is set to required or requested. If the client side is set to required or requested, and an encryption algorithm match is found, the connection continues without error and with data encryption enabled. If the client side is set to required and no algorithm match is found, the connection terminates with error message ORA-12650.

    If the client side is set to requested and no algorithm match is found, or if the client side is set to accepted or rejected, the connection continues without error and without data encryption enabled.

  • requested—Select this value to enable data encryption if the client permits it.

    In this scenario, this side of the connection specifies that data encryption is desired but not required. Data encryption is enabled if the client side specifies accepted, requested, or required. There must be a matching algorithm available, otherwise data encryption is not enabled. If the client side specifies required and there is no matching algorithm, the connection fails.

  • required—Select this value to enable data encryption or preclude the connection.

    In this scenario, this side of the connection specifies that data encryption must be enabled. The connection fails if the client side specifies rejected or if there is no compatible algorithm.

For data integrity enter one of these values:
  • rejected—Enter this value if you do not elect to enable data integrity, even if required by the client.

    In this scenario, this side of the connection specifies that data integrity is not permitted. If the client side is set to required, the connection terminates with error message ORA-12650. If the client side is set to requested, accepted or rejected, the connection continues without error and without data integrity enabled.

  • accepted—Select this value to enable data integrity if required or requested by the client.

    In this scenario, this side of the connection does not require data integrity, but it is enabled if the client side is set to required or requested. If the client side is set to required or requested, and an integrity algorithm match is found, the connection continues without error and with data integrity enabled. If the client side is set to required and no algorithm match is found, the connection terminates with error message ORA-12650.

    If the client side is set to requested and no algorithm match is found, or if the client side is set to accepted or rejected, the connection continues without error and without data integrity enabled.

  • requested—Select this value to enable data integrity if the client permits it.

    In this scenario, this side of the connection specifies that data integrity is desired but not required. Data integrity is enabled if the client side specifies accepted, requested, or required. There must be a matching algorithm available, otherwise data integrity is not enabled. If the client side specifies required and there is no matching algorithm, the connection fails.

  • required—Select this value to enable data integrity or preclude the connection.

    In this scenario, this side of the connection specifies that data integrity must be enabled. The connection fails if the client side specifies rejected or if there is no compatible algorithm.

-algorithm algorithm

The algorithm to be used for data encryption or data integrity. For encryption, the choices are AES128, AES192, and AE256. For integrity with Oracle Database 12c and later releases, the choices are SHA1, SHA512, SHA384, and SHA25. For integrity with Oracle Database 11g, the only accepted value is SHA1.