Why does my RDS Oracle database accept an irrelevant certificate?

0

Is my RDS data encrypted in transit even though the default certificate changed during snapshot restoration from rds-ca-2019 to rds-ca-rsa4096-g1, and I didn't configure a different certificate on the client side, yet I can still connect to the RDS Oracle database?

asked 14 days ago, 87 views
2 Answers
1
Accepted Answer

I am assuming that you are using Oracle client 19.7c or an earlier version. Please upgrade your Oracle client to 19.8c or the latest client in order to avoid successful SSL connections with incorrect certificates in the source Oracle client wallet. The connection will be encrypted if you are able to establish the TCPS connection, and you can use the query below to validate the connection.

SELECT SYS_CONTEXT('USERENV', 'network_protocol') FROM DUAL;

References: https://aws.amazon.com/blogs/database/best-practices-for-successful-ssl-connections-to-amazon-rds-for-oracle/

AWS
answered 14 days ago
EXPERT
reviewed 14 days ago
0

Is my RDS data encrypted in transit even though the default certificate changed

Yes, your data is still encrypted in transit.

The certificate, whether it's rds-ca-2019 or rds-ca-rsa4096-g1, isn't used to encrypt the data. It's used by the server, in this case the RDS database, to prove its authenticity to the client.

As long as the cert presented by the server is (i) in date; and (ii) signed by a certificate authority that's in the client's bundle; the client will trust it.

Once the client is satisfied that it trusts the server, they then go through a back-and-forth process to agree on a cipher and generate a keypair, one half of which the server uses to encrypt the data, and the other half is used by the client to decrypt.

EXPERT
Steve_M
answered 14 days ago
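
The two trust checks named in the answer above (validity dates, and a signing CA present in the client's bundle), reproduced with openssl as an added example that is not part of the original answers. The CA names are throwaway local stand-ins that only mirror the names in the question, and the host name is hypothetical; a client that enforces the CA check rejects the server certificate when its bundle holds only the old CA.

```shell
#!/bin/sh
# Constructed sample data: local throwaway CAs, not the real AWS RDS certificates.
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

make_ca() {  # $1 = file prefix, $2 = subject CN of a self-signed CA
  openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
    -keyout "$WORK/$1.key" -out "$WORK/$1.crt" -subj "/CN=$2" 2>/dev/null
}

issue_server_cert() {  # $1 = prefix of the CA that signs the server certificate
  openssl req -newkey rsa:2048 -nodes -keyout "$WORK/srv.key" \
    -out "$WORK/srv.csr" -subj "/CN=db.example.internal" 2>/dev/null
  openssl x509 -req -in "$WORK/srv.csr" -CA "$WORK/$1.crt" \
    -CAkey "$WORK/$1.key" -CAcreateserial -days 30 \
    -out "$WORK/srv.crt" 2>/dev/null
}

# Exit status 0 only if srv.crt chains to the single CA in bundle $1.
# Optional $2 = epoch seconds at which the validity dates are evaluated.
client_trusts() {
  if [ -n "$2" ]; then
    openssl verify -attime "$2" -CAfile "$WORK/$1.crt" "$WORK/srv.crt" >/dev/null 2>&1
  else
    openssl verify -CAfile "$WORK/$1.crt" "$WORK/srv.crt" >/dev/null 2>&1
  fi
}

make_ca old "constructed-rds-ca-2019"
make_ca new "constructed-rds-ca-rsa4096-g1"
issue_server_cert new            # the restored instance presents a cert from the new CA

ten_years_on=$(( $(date +%s) + 315360000 ))

client_trusts old && echo "bundle=old: trusted" || echo "bundle=old: rejected (unknown CA)"
client_trusts new && echo "bundle=new: trusted" || echo "bundle=new: rejected"
client_trusts new "$ten_years_on" && echo "bundle=new, +10y: trusted" \
  || echo "bundle=new, +10y: rejected (expired)"
```
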
