View a markdown version of this page

Oracle native network encryption - Amazon Relational Database Service

Oracle native network encryption

Amazon RDS supports Oracle native network encryption (NNE). With the NATIVE_NETWORK_ENCRYPTION option, you can encrypt data as it moves to and from a DB instance. Amazon RDS supports NNE for all editions of Oracle Database.

A detailed discussion of Oracle native network encryption is beyond the scope of this guide, but you should understand the strengths and weaknesses of each algorithm and key before you decide on a solution for your deployment. For information about the algorithms and keys that are available through Oracle native network encryption, see Configuring network data encryption and integrity in the Oracle documentation. For more information about AWS security, see the AWS security center.

Note

You can use Native Network Encryption or Secure Sockets Layer, but not both. For more information, see Oracle Secure Sockets Layer.

Verifying that NNE is active

After connecting to your DB instance, query V$SESSION_CONNECT_INFO for your session to confirm that native network encryption is active:

SELECT NETWORK_SERVICE_BANNER FROM V$SESSION_CONNECT_INFO WHERE SID = SYS_CONTEXT('USERENV', 'SID');

If NNE is active, the results include a banner that contains encryption service adapter. The banner text shows the negotiated algorithm, for example AES256. If checksumming is also enabled, the results include a crypto-checksumming service adapter banner. If the query returns no encryption service adapter banner, the connection is not using native network encryption.