Configuration Parameters
Oracle Advanced Security FIPS 140-1 Settings D-3
The specified algorithm must be installed or the connection terminates. For FIPS
140-1 compliance, only DES encryption is permitted and therefore the following
parameter setting is mandatory:
SQLNET.ENCRYPTION_TYPES_SERVER=(DES|DES40)
Client Encryption Selection List
The ENCRYPTION_TYPES_CLIENT parameter specifies the list of encryption algorithms
which the client is prepared to use for the connection with the server. In order for a
connection to be successful, the algorithm must first be installed and the encryption
type must be mutually acceptable to the server.
To create a connection with a server that is configured for FIPS 140-1, the following
parameter setting is mandatory:
SQLNET.ENCRYPTION_TYPES_CLIENT=(DES|DES40)
Cryptographic Seed Value
The CRYPTO_SEED parameter contains characters which are part of the seed for the
random number generator. There are no explicit requirements for the value of this
parameter within the FIPS 140-1 standard, however it is suggested that a large set of
random characters, up to 70, is chosen as follows:
SQLNET.CRYPTO_SEED=10_to_70_random_characters
FIPS Parameter
The default setting of the FIPS_140 parameter is FALSE. Setting the parameter to
TRUE is mandatory for both client and server to ensure Oracle Advanced Security
complies with the standards defined in FIPS 140-1 as follows:
SQLNET.FIPS_140=TRUE
Note: Use a text editor to set the FIPS_140 parameter in the
sqlnet.ora file. You cannot use Oracle Net Manager to set this
parameter.
To Next Page
Loading...