AWS Aurora Postgresql oracle_fdw tls server connection


Using extension oracle_fdw within AWS RDS Aurora-Postgresql v12.12 oracle_fdw:

oracle_diag                                                 |
------------------------------------------------------------+
oracle_fdw 2.3.0, PostgreSQL 12.12, Oracle client 21.7.0.0.0|

When I create a server connection 'Create Server' to an Oracle database, does it use tls >= 1.2 by default? If not, is there a way to enable tls on this server connection?

Cannot find any reference for tls with oracle_fdw. Need to make this connection secure in transit.


There is 1 answer

Laurenz Albe On

Follow the advice in this oracle_fdw issue:

I really suggest to follow oracle-base tutorial : https://oracle-base.com/articles/misc/native-network-encryption-for-database-connections Tim Hall is also an OCM and he knows his stuff. His documentation is more concise and clearer than Oracle official docs.

Key parts:

"From 10g Release 2 onward, Native Network Encryption and TCP/IP with SSL/TLS are no longer part of the Advanced Security Option. Native network encryption gives you the ability to encrypt database connections, without the configuration overhead of TCP/IP and SSL/TLS and without the need to open and listen on different ports."

Oracle 11g or later users can utilize this feature without an expensive option.

"If we require AES256 encryption on all connections to the server, we would add the following to the server side "sqlnet.ora" file. The client does not need to be altered as the default settings (ACCEPTED and no named encryption algorithm) will allow it to successfully negotiate a connection.

SQLNET.ENCRYPTION_SERVER=REQUIRED
SQLNET.ENCRYPTION_TYPES_SERVER=(AES256)

Just one file to edit server side and that's all.
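One way to confirm from the PostgreSQL side that the oracle_fdw session really negotiated native network encryption, as an added example that is not part of the original answer or of the oracle_fdw project. It assumes a foreign server named `oradb` (hypothetical) with a working user mapping, and that the mapped Oracle user may read `V$SESSION_CONNECT_INFO`.

```sql
-- Added example. "oradb" and "ora_session_net" are hypothetical names.
-- Assumption: the Oracle user in the user mapping has SELECT on
-- V$SESSION_CONNECT_INFO (granted on SYS.V_$SESSION_CONNECT_INFO).

-- oracle_fdw accepts an Oracle query in parentheses as the "table" option,
-- so the foreign table below reports on the Oracle session that oracle_fdw
-- itself opened for this PostgreSQL backend.
CREATE FOREIGN TABLE ora_session_net (
    network_service_banner text
)
SERVER oradb
OPTIONS (
    table '(SELECT network_service_banner
              FROM v$session_connect_info
             WHERE sid = SYS_CONTEXT(''USERENV'', ''SID''))'
);

-- 1. Inspect the raw banners first. With encryption negotiated, Oracle adds
--    a line naming the cipher, e.g. "AES256 Encryption service adapter ...".
--    Without it, only the generic "Encryption service for ..." line appears.
SELECT network_service_banner
  FROM ora_session_net;

-- 2. Reduce the banners to a yes/no answer usable in a monitoring check.
--    The pattern only accepts AES adapters; banner wording can differ
--    between Oracle versions, so compare against the output of step 1.
SELECT COALESCE(
           bool_or(network_service_banner
                   ~* '^AES(128|192|256) Encryption service adapter'),
           false
       ) AS encrypted_in_transit
  FROM ora_session_net;

-- 3. Clean up once the check is done.
DROP FOREIGN TABLE ora_session_net;
```

Run the check again after any change to the server-side "sqlnet.ora", from a new PostgreSQL session, so that oracle_fdw opens a fresh Oracle connection.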