AWS AmazonRDS high security documentation change
Summary
Corrected parameter names from CHECKSUM_TYPES to CRYPTO_CHECKSUM_TYPES and added important note about enforcing encryption
Security assessment
The change corrects misnamed security parameters related to cryptographic checksums and adds explicit guidance to prevent unencrypted connections by recommending 'Required' mode. This directly addresses potential security weaknesses where connections might remain unencrypted due to client limitations.
Diff
diff --git a/AmazonRDS/latest/UserGuide/Oracle.Options.NNE.Options.md b/AmazonRDS/latest/UserGuide/Oracle.Options.NNE.Options.md index b03745cd2..507a5b01c 100644 --- a//AmazonRDS/latest/UserGuide/Oracle.Options.NNE.Options.md +++ b//AmazonRDS/latest/UserGuide/Oracle.Options.NNE.Options.md @@ -22 +22 @@ Option setting | Valid values | Default values | Description - * `SQLNET.CHECKSUM_TYPES_SERVER` and `SQLNET.CHECKSUM_TYPES_CLIENT` have one matching secure checksumming method that is not `MD5`. + * `SQLNET.CRYPTO_CHECKSUM_TYPES_SERVER` and `SQLNET.CRYPTO_CHECKSUM_TYPES_CLIENT` have one matching secure checksumming method that is not `MD5`. @@ -36 +36 @@ If the setting is `TRUE`, clients can connect when they use the preceding non-se - * `SQLNET.CHECKSUM_TYPES_SERVER` and `SQLNET.CHECKSUM_TYPES_CLIENT` have one matching secure checksumming method that is not `MD5`. + * `SQLNET.CRYPTO_CHECKSUM_TYPES_SERVER` and `SQLNET.CRYPTO_CHECKSUM_TYPES_CLIENT` have one matching secure checksumming method that is not `MD5`. @@ -45,0 +46,4 @@ If the setting is `TRUE`, clients can connect when they use the preceding non-se + +###### Important + +With the default value of `Requested`, connections may remain unencrypted if the client does not support encryption. To enforce encryption for all connections, set `SQLNET.ENCRYPTION_SERVER` to `Required`.