My environment is as below –
Server: Oracle 12C 12.1.0.2.v17 ( AWS RDS Service)
Client: Windows 2012 machine with Oracle 19C 64 bit full client
Tools : SQL Developer and Toad on the client machine
I have configured native network encryption for the RDS service by following the instructions in https://docs.oracle.com/en/cloud/paas/database-dbaas-cloud/csdbi/use-network-encryption-and-integrity.html
I set following options on the RDS –
SQLNET.ENCRYPTION_SERVER= Accepted
SQLNET.ENCRYPTION_TYPES_SERVER= AES256
The client Oracle 19c 64 bit home is
C:\oracle\product\19.0.0\client_1\network\admin\sqlnet.ora
Both client tools using the TNS name in the above path; I verified this by using tnsping
The sqlnet.ora in client has following options –
SQLNET.ENCRYPTION_CLIENT=REQUIRED
SQLNET.ENCRYPTION_TYPES_CLIENT=(AES256)
After the above configurations, I restarted my windows machine(just to make sure) and am able to establish connection to the RDS with Toad and SQL Developer tool.
MY question: How do I verify if my connection is encrypted ?
I tried executing below query –
select NETWORK_SERVICE_BANNER
from v$session_connect_info
where SID = sys_context('USERENV','SID');
The output I am seeing is
TCP/IP NT Protocol Adapter for Linux: Version 12.1.0.2.0 – Production
Encryption service for Linux: Version 12.1.0.2.0 – Production
Crypto-checksumming service for Linux: Version 12.1.0.2.0 – Production
SHA1 Crypto-checksumming service adapter for Linux: Version 12.1.0.2.0 – Production
I do not see "AES256 Encryption" in the NETWORK_SERVICE_BANNER output.
Related question: I need all the client connections from this machine to my server use encryption. Is there a way I can enforce this by using logon trigger ?
Best Answer
You're confused with my comments,with
accepted
on server side andrequired
client side sqlplus connection is encrypted and Sql Developer with thin client is unencrypted but the same Sql Developer with thick client connection is encrypted.(Toad is out of scope I never used at all).In other wordsaccepted
on server side is working as expected.Let me demonstrate for you
Now I'll uncomment last two lines in sqlnet.ora client side
Now let's test with Sql Developer thin client
It's evident from above image it uses jdbc thin driver.Let's check the sql out put in Sql Developer and as expected there is no AES256 encryption
Now I will switch to thick client,check both images
Hope this clears up