Sunday, September 5, 2010

How to turn-on ASO for network encryption

### SERVER SIDE CONFIGURATION ###
#
SQLNET.CRYPTO_CHECKSUM_SERVER=REQUIRED
SQLNET.ENCRYPTION_SERVER=REQUIRED
SQLNET.CRYPTO_CHECKSUM_TYPES_SERVER=(MD5)
SQLNET.ENCRYPTION_TYPES_SERVER=(DES40,RC4_40)
SQLNET.CRYPTO_SEED="Between Ten and Seventy Random Characters"

### CLIENT SIDE CONFIGURATION ###
#
SQLNET.CRYPTO_CHECKSUM_CLIENT=REQUIRED
SQLNET.ENCRYPTION_CLIENT=REQUIRED
SQLNET.CRYPTO_CHECKSUM_TYPES_CLIENT=(MD5)
SQLNET.ENCRYPTION_TYPES_CLIENT=(DES40,RC4_40)


How to verify whether ASO Network Encryption is working or not:

SQL> select a.sid,a.username,b.network_service_banner
2 from v$session a,v$session_connect_info b
3 where a.sid=b.sid
4 and a.serial#=b.serial#
5 /

SID USERNAME NETWORK_SERVICE_BANNER
---------- -------------------- ----------------------------------------------------------------------------------------------------
124 TCP/IP NT Protocol Adapter for Linux: Version 11.1.0.7.0 - Production
124 Oracle Advanced Security: encryption service for Linux: Version 11.1.0.7.0 - Production
124 Oracle Advanced Security: crypto-checksumming service for Linux: Version 11.1.0.7.0 - Production
126 BANKING TCP/IP NT Protocol Adapter for Linux: Version 11.1.0.7.0 - Production
126 BANKING Oracle Advanced Security: encryption service for Linux: Version 11.1.0.7.0 - Production
126 BANKING Oracle Advanced Security: DES40 encryption service adapter for Linux: Version 11.1.0.7.0 - Producti
126 BANKING Oracle Advanced Security: crypto-checksumming service for Linux: Version 11.1.0.7.0 - Production
126 BANKING Oracle Advanced Security: MD5 crypto-checksumming service adapter
129 SYS
146 SYS

10 rows selected.

SQL>