Posted On: Feb 6, 2023
Amazon Relational Database Service (Amazon RDS) for Oracle now supports additional cipher suites that can be used with the OEM Agent and SSL options in the Amazon Web Services China (Ningxia) Region, operated by NWCD, and the Amazon Web Services China (Beijing) Region, operated by Sinnet. Customers can make use of these new cipher suites as they provide stronger security for the RDS for Oracle database instance(s) connections, thereby increasing the security posture of their infrastructure.
Starting today, RDS for Oracle will support 4 new cipher suites for the OEM Agent option and 6 new cipher suites for the SSL option. These new suites include various combinations of AES and RSA encryption with different key lengths and SHA algorithms.
For OEM Agent option, RDS for Oracle will support the following 4 new cipher suites: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, and TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA. To learn more about modifying OEM Agent, read Modifying OEM Agent Database settings documentation.
For SSL option, RDS for Oracle will support the following 6 new cipher suites: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, and TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA. To learn more about adding SSL option, read Adding SSL option documentation.
To learn more about modifying an existing option group, read Modifying an Option setting documentation. See the Amazon RDS for Oracle Database Pricing page for complete regional availability information.