Encryption ciphers and modes

You must specify which ciphers and mode to use during encryption.

The cipher and mode that is used is randomly selected among the ciphers that are common between the two servers. Make sure that all servers and client computers that participate in encrypted communication have ciphers and modes in common. Encryption is more secure if you include more ciphers and modes that the database server can switch between. For information about how to switch between ciphers, see Switch frequency.

The Data Encryption Standard (DES) is a cryptographic algorithm designed to encrypt and decrypt data by using 8-byte blocks and a 64-bit key.

The Triple DES (DES3) is a variation of DES in which three 64-bit keys are used for a 192-bit key. DES3 works by first encrypting the plain text by using the first 64-bits of the key. Then the cipher text is decrypted by using the next part of the key. In the final step, the resulting cipher text is re-encrypted by using the last part of the key.

The Advanced Encryption Standard (AES) is a replacement algorithm that is used by the United States government.

Two encryption modes are:

A Blowfish is a block cipher that operates on 64-bit (8-byte) blocks of data. It uses a variable size key, but typically, 128-bit (16-byte) keys are considered to be good for strong encryption. Blowfish can be used in the same modes as DES.

Important: You must not specify individual ciphers. For security reasons, all ciphers must be allowed. If a cipher is discovered to have a weakness, you can exclude it.

Use the allbut option to list ciphers and modes to exclude. Enclose the allbut list in angled brackets (<>). The list can include unique, abbreviated entries. For example, bf can represent bf1, bf2, and bf3. However, if the abbreviation is the name of an actual cipher, then only that cipher is eliminated. Therefore, des eliminates only the DES cipher, but de eliminates des, ede, and desx.

The following des, ede, and desx ciphers are supported.
Cipher Explanation Blowfish Cipher Explanation
des DES (64-bit key) bf1 Blowfish (64-bit key)
ede Triple DES bf2 Blowfish (128-bit key)
desx Extended DES (128-bit key) bf3 Blowfish (192-bit key)
Important: The cipher desx can only be used in cbc mode.
The following AES-encryption ciphers are supported.
Cipher Explanation
aes AES (128-bit key)
aes128 AES (128-bit key)
aes192 AES (192-bit key)
aes256 AES (256-bit key)
The following modes are supported.
Mode Explanation
ecb Electronic Code Book
cbc Cipher Block Chaining
cfb Cipher Feedback
ofb Output Feedback

Because ecb mode is considered weak; it is only included if specifically requested. It is not included in the all or the allbut list.

Copyright© 2018 HCL Technologies Limited