User's Manual
Configuration Parameters
D-2 Oracle Database Advanced Security Administrator's Guide
Configuration parameters are contained in the sqlnet.ora file that is held locally
for each of the client and server processes. The protection placed on these files
should be equivalent to the level of a DBA.
The following configuration parameters are described in this appendix:
■ ENCRYPTION_SERVER
■ ENCRYPTION_CLIENT
■ ENCRYPTION_TYPES_SERVER
■ CRYPTO_SEED
■ CRYPTO_SEED_CLIENT
■ FIPS_140
Server Encryption Level Setting
The server side of the negotiation notionally controls the connection settings. The
following parameter in the server file is mandatory:
SQLNET.ENCRYPTION_SERVER=REQUIRED
Setting the encryption as REQUIRED on the server side of the connection ensures
that a connection is only permitted if encryption is used, irrespective of the
parameter value on the client.
Client Encryption Level Setting
The ENCRYPTION_CLIENT parameter specifies the connection behavior for the client.
One of the following parameter settings in the client file is mandatory:
SQLNET.ENCRYPTION_CLIENT=(ACCEPTED|REQUESTED|REQUIRED)
A connection to the server is only possible if there is agreement between client and
server for the connection encryption. The server has this set to REQUIRED,
therefore the client must not reject encryption for a valid connection to be the result.
Failure to specify one of these values results in error when attempting to connect to
a FIPS 140-1 compliant server.
Server Encryption Selection List
The ENCRYPTION_TYPES_SERVER parameter specifies a list of encryption algorithms that
the server is permitted to use when acting as a server in the order of required usage.