How to enable encryption for ODBC connections to Oracle databases?

Document ID : KB000016934
Last Modified Date : 14/02/2018
Show Technical Document Details
Question:

In order to configure our Oracle database for connectivity, our DBAs are asking us to enable the following settings to enable encryption when connecting to the database:

oracle.net.encryption_client=REQUIRED
oracle.net.encryption_types_client=AES256
oracle.net.crypto_checksum_client=REQUIRED
oracle.net.crypto_checksum_types_client=SHA1

How we can configure the settings above in our Linux and Windows Policy Servers? 

Environment:
Policy Server R12.52 SP1 CR05
Answer:

For Linux Policy Servers, the following parameters should be added in the system_odbc.ini file:
EncryptionLevel=3
EncryptionTypes=AES256
DataIntegrityLevel=3
DataIntegrityTypes=SHA1

The level value 3 means the encryption and/or the data integrity check are required, and the types parameters specify which algorithms are allowed.

For Windows Policy Servers, you need to open the ODBC Data Source administrator (x32) and modify the settings for your Oracle connection using the Oracle Wire protocol driver clicking on "Configure", and going to the Advanced Security tab, where you can specify the same values as above:

Encryption Level: 3 - Required
Encryption Types: (select the types allowed by enabling the corresponding checkboxes; in this case you only need: AES256)
Data Integrity Level: 3 - Required
Data Integrity Types: (select the types allowed by enabling the corresponding checkboxes; in this case you only need: SHA1)

Note that you can use the "Test Connect" button to ensure the connection is done properly after changing the settings. After the changes are set, click the Ok button twice to save the changes.

 

Additional Information:

You can find more information on these parameters at the following locations:
http://media.datadirect.com/download/docs/odbc/allodbc/index.html#page/odbc%2Fencryption-types.html
http://media.datadirect.com/download/docs/odbc/allodbc/index.html#page/odbc/encryption-level.html
http://media.datadirect.com/download/docs/odbc/allodbc/index.html#page/odbc/data-integrity-level.html
http://media.datadirect.com/download/docs/odbc/allodbc/index.html#page/odbc/data-integrity-types.html