Home | Previous Page | Next Page   Appendix B. Configuration Parameter and Environment Variable Reference >

ENCRYPT_CIPHERS Configuration Parameter

syntax
ENCRYPT_CYPHERS all|allbut:<list of ciphers and modes>|cipher:mode{,cipher:mode ...}
default value
allbut:<ecb>
takes effect
when Enterprise Replication is initialized

The ENCRYPT_CIPHERS configuration parameter defines all ciphers and modes that can be used by the current database session.

The cipher list for allbut can include unique, abbreviated entries. For example, bf can represent bf-1, bf-2, and bf-3. However, if the abbreviation is the name of an actual cipher, then only that cipher is eliminated. Therefore, des eliminates only the des cipher, but de eliminates des, des3, and desx.

Important:
The encryption cipher and mode used is randomly chosen among the ciphers common between the two servers. It is strongly recommended that you do not specify specific ciphers. For security reasons, all ciphers should be allowed. If a specific cipher is discovered to have a weakness, then that cipher can be eliminated by using the allbut option.

The following ciphers are supported. For an updated list, see the Release Notes.

des

DES (64-bit key)

bf-1

Blow Fish (64-bit key)

des3

Triple DES

bf-2

Blow Fish (128-bit key)

desx

Extended DES (128-bit key)

bf-3

Blow Fish (192-bit key)

3aes

AES 128bit key

aes128

AES 128bit key

3aes192

AES 192bit key

aes256

aes 256bit key

The following modes are supported.

ecb
Electronic Code Book (ECB)
cbc
Cipher Block Chaining
cfb
Cipher Feedback
ofb
Output Feedback

All ciphers support all modes, except the desx cipher, which only supports the cbc mode.

Because cdb mode is considered weak, it is only included if specifically requested. It is not included in the all or the allbut list.

Home | [ Top of Page | Previous Page | Next Page | Contents | Index ]