1.101 DBFIPS_140

DBFIPS_140 enables Transparent Data Encryption (TDE) and DBMS_CRYPTO PL/SQL package program units to run in a mode compliant to the Federal Information Processing Standard (subsequently known as "FIPS mode").

Property Description

Parameter type

Boolean

Default value

FALSE

Modifiable

No

Modifiable in a PDB

No

Range of values

TRUE | FALSE

Basic

No

Oracle RAC

All instances must use the same value.

Values:

  • TRUE

    Set this parameter to TRUE to use TDE and DBMS_CRYPTO in FIPS mode. This means that only FIPS-compliant algorithms may be used.

    This method of configuring FIPS mode is considered a legacy configuration, but it is still supported. Oracle recommends that you instead use the consolidated FIPS_140 parameter in the fips.ora file. See Oracle Database Security Guide for more information.

    This parameter can be set to TRUE during a rolling RAC upgrade. However, verify that TDE is using a FIPS-compliant algorithm before making the change. If you are not using a FIPS-compliant algorithm and you set this parameter to TRUE, you will not be able to read the data.

  • FALSE

    When this parameter is set to FALSE, all algorithms (FIPS-compliant or not) may be used. This is the default.

See Also:

Oracle Database Security Guide for a table that describes the effect of setting the value of DBFIPS_140 to TRUE or FALSE on different platforms