AWS AmazonRDS documentation change
Summary
Added 'Verifying that NNE is active' section with SQL query to confirm encryption status.
Security assessment
This adds documentation for verifying Native Network Encryption (security feature) but doesn't address a specific security vulnerability.
Diff
diff --git a/AmazonRDS/latest/UserGuide/Appendix.Oracle.Options.NetworkEncryption.md b/AmazonRDS/latest/UserGuide/Appendix.Oracle.Options.NetworkEncryption.md index 3121e523e..6cc16ae70 100644 --- a//AmazonRDS/latest/UserGuide/Appendix.Oracle.Options.NetworkEncryption.md +++ b//AmazonRDS/latest/UserGuide/Appendix.Oracle.Options.NetworkEncryption.md @@ -6,0 +7,2 @@ +Verifying that NNE is active + @@ -22,0 +25,2 @@ You can use Native Network Encryption or Secure Sockets Layer, but not both. For + * Verifying that NNE is active + @@ -31,0 +36,11 @@ You can use Native Network Encryption or Secure Sockets Layer, but not both. For +## Verifying that NNE is active + +After connecting to your DB instance, run the following query to confirm your session is encrypted: + + + SELECT SYS_CONTEXT('USERENV', 'NETWORK_PROTOCOL') AS PROTOCOL, + SYS_CONTEXT('USERENV', 'ENCRYPTION_TYPE') AS ENCRYPTION + FROM DUAL; + +If NNE is active, the `ENCRYPTION` column shows the algorithm in use (for example, `AES256`). If it shows blank or NULL, the connection is not encrypted. +