Home
AdministeringIn addition to administering the database server, you can tune performance, replicate data, and archive data.
System administrationThese topics contain concepts, procedures, and reference information for database and database server administrators to use for managing and tuning HCL OneDB™ database servers.
Administrator's ReferenceThe HCL OneDB™ Administrator's Reference includes comprehensive descriptions of HCL OneDB™ configuration parameters, the system-monitoring interface (SMI) tables in the sysmaster database, the syntax of database server utilities such as onmode and onstat, logical-log records, disk structures, event alarms, and unnumbered error messages.
Configuring and monitoring HCL OneDB™
Database configuration parametersThe HCL OneDB™ database server uses a configuration file, which is called the onconfig file, during initialization. This file contains default configuration parameter values. You can modify the parameter values to improve performance and other characteristics of the instance or database.
ENCRYPT_CIPHERS configuration parameterUse the ENCRYPT_CIPHERS configuration parameter to define all ciphers and modes that can be used by the current database session. ENCRYPT_CIPHERS is used for Enterprise Replication and High-Availability Data Replication only.

ENCRYPT_CIPHERS configuration parameter

Use the ENCRYPT_CIPHERS configuration parameter to define all ciphers and modes that can be used by the current database session. ENCRYPT_CIPHERS is used for Enterprise Replication and High-Availability Data Replication only.

onconfig.std value: Not set. Encryption ciphers are not used.
values: See the Usage section.
takes effect: After you edit your onconfig file and restart the database server.

Usage

The encryption cipher and mode used is randomly chosen among the ciphers common between the two servers. If a specific cipher is discovered to have a weakness, you should reset the ENCRYPT_CIPHERS configuration parameter value to eliminate that cipher by using the allbut option.

Important: Including all ciphers is more secure than including specific ciphers.

Figure 1: Syntax for the ENCRYPT_CIPHERS configuration parameter

Table 1. Options for the ENCRYPT_CIPHERS configuration parameter value
Field	Description
all	Include all available ciphers and modes, except ECB mode, which is considered weak. For example:`ENCRYPT_CIPHERS all`
allbut	Include all ciphers and modes, except ECB and the ciphers and modes listed. For example: `ENCRYPT_CIPHERS allbut:<cbc,bf>` The cipher list can include unique, abbreviated entries. For example, `bf` can represent bf-1, bf-2, and bf-3; however, if the abbreviation is the name of an actual cipher, then only that cipher is eliminated. Therefore, `des` eliminates only the des cipher, but `de` eliminates the des, des3, and desx ciphers.
`cipher`	The following ciphers are supported: des = DES (64-bit key) des3 = Triple DES desx = Extended DES (128-bit key). Only supports cbc mode. aes = AES 128bit key aes192 = AES 192bit key bf-1 = Blow Fish (64-bit key) bf-2 = Blow Fish (128-bit key) bf-3 = Blow Fish (192-bit key) aes128 = AES 128bit key aes256 = AES 256bit key All modes are supported for all ciphers, except the desx cipher. For an updated list of supported ciphers, see the Release Notes.
`mode`	The following modes are supported: ecb = Electronic Code Book (ECB). Only included if specified. cbc = Cipher Block Chaining cfb = Cipher Feedback ofb = Output Feedback

Rate this topic

5 stars 4 stars 3 stars 2 stars 1 star

Comment on this topic.

By clicking this box, you acknowledge that you are NOT a U.S. Federal Government employee or agency, nor are you submitting information with respect to or on behalf of one. HCL provides software and services to U.S. Federal Government customers through its partners immixGroup, Inc. Contact this team at https://hcltechsw.com/resources/us-government-contact. Do not include any personal data in this Comment box.