Encrypted Connections - Oracle to Aurora MySQL Migration Playbook
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

Encrypted Connections

Feature compatibility Amazon SCT / Amazon DMS automation level Amazon SCT action code index Key differences

Three star feature compatibility




Oracle Usage

Oracle Database supports encrypting incoming data out of the box using native Oracle Net Services. You can encode data that is sent to and from the server using Advanced Encryption Standard (AES) algorithm, ARIA(Academia, Research Institute, and Agency) algorithm, GOsudarstvennyy STandart (GOST) algorithm, Korea Information Security Agency SEED algorithm and Triple-DES encryption (3DES).

Algorithms can be specified in the sqlnet.ora file for the clients and servers.

For more information, see Configuring Oracle Database Network Encryption and Data Integrity in the Oracle documentation.

SSL/TLS connections to the Oracle database are supported starting with Oracle 12c in the standard edition.

For more information, see SSL Connection to Oracle DB using JDBC, TLSv1.2, JKS or Oracle Wallets (12.2 and lower) in the Oracle Developers Blog.

MySQL Usage

MySQL supports encrypted connections between clients and the server using the TLS (Transport Layer Security) protocol. TLS is sometimes referred to as SSL (Secure Sockets Layer) but MySQL does not actually use the SSL protocol for encrypted connections because its encryption is weak.

OpenSSL 1.1.1 supports the TLS v1.3 protocol for encrypted connections.


Amazon Relational Database Service (Amazon RDS) for MySQL version 8.0.16 and higher supports TLS v1.3 as well if both the server and client are compiled using OpenSSL 1.1.1 or higher. For more information, see Encrypted Connection TLS Protocols and Ciphers in the MySQL documentation.