Oracle Database Cryptographic Roadmap
Oracle Database Cryptographic Roadmap
Last updated on March 2026
The following information represents Oracle's plans for changes to the security algorithms and associated policies/settings in the Oracle Database.
The information on this site is intended for releases currently receiving premier support by Oracle (as described in the Oracle Technology Products lifetime support policy).
These notices cover changes on update releases. New feature releases may implement new security algorithms or use different default settings than previously released versions. Information on changes delivered with new feature releases, including changes in cryptography, can be found on the release notes. However, for some notable exceptions, this site may include notices about changes in a future release or even early access versions.
Disclaimer
The information below is a summary of Oracle’s current plans. It is intended to provide general information to the public. This roadmap can change with little or no warning, though Oracle will attempt to provide advance notice about these changes. In some instances, it is possible that required changes will be published only after a given release or release update.
2025 KuppingerCole Leadership Compass for Data Security Platforms
Discover why KuppingerCole recognized Oracle as a Leader in database security
Planned Changes
Proposed Timeline | Targetted release(s) and Impacted Feature(s) | Planned Action |
|---|---|---|
2H 2026 | 19c / TLS | Support TLS 1.3 with quantum-resistant key exchange and certificates in Oracle Database 19c An upcoming release update to Oracle Database 19c will add support for TLS 1.3, quantum-resistant key exchange using ML-KEM or a hybrid mix of ML-KEM and ECDHE, and ML-DSA certificates. The current plan is that this new capability will be available but disabled by default. Enabling it will require the database binaries to be relinked, at which time the legacy cryptography stack will be disabled, and only the new cryptography stack will work. You will be able to revert to the legacy configuration if needed by relinking the database again. |
2H 2026 | 26ai / TLS | Update to Native Network Encryption (NNE) in Oracle AI Database 26ai An upcoming release update to Oracle AI Database 26ai will add support for a new NNE algorithm, ezTLS. The new algorithm leverages TLS, but in a certificateless mode. This will provide the simple configuration advantage of NNE, but with improved encryption and key exchange support based on TLS. |
2H 2026 | 19c / TLS | Disable weak ciphers by default Currently, the TLS_ENABLE_WEAK_CIPHERS parameter defaults to TRUE for backwards compatibility. In an upcoming release update, we plan to change the default to FALSE, which will disable these ciphers unless the parameter is explicitly set to TRUE in the sqlnet.ora:
|
2H 2026 | 19c / TLS | Remove support for TLS 1.0 and TLS 1.1 Currently, TLS 1.0 and 1.1 are enabled by default unless TLS_VERSION is explicitly set to disable them. In an upcoming release update, we will enable support for TLS 1.3 and at the same time default the value of TLS_VERSION to 1.3 and 1.2. You will need to update the value of TLS_VERSION to include TLS 1.0 and/or 1.1 if you wish to re-enable them. Note that TLS 1.0 and TLS 1.1 cannot be enabled while using TLS 1.3. |
2H 2026 | 19c / NNE, DBMS_CRYPTO | Disable MD2, MD4 hashing when database operates in FIPS 140-3 or FIPS 140-2 modes Currently, Oracle Database 19c supports FIPS 140-2. An upcoming release update will include support for FIPS 140-3. As part of that release, when the database operates in FIPS 140-3 or FIPS 140-2 modes, MD2 and MD4 hashing will be disabled. |
2H 2026 | 19c / NNE, DBMS_CRYPTO | Disable 3DES encryption when database operates in FIPS 140-3 mode 3DES will not work if database is configured for FIPS 140-3. 3DES will not work when database is in FIPS 140-2 mode for both CFB and OFB mode. 3DES will still work in FIPS 140-2 mode in CBC and ECB modes. |
2H 2026 | 19c / NNE, DBMS_CRYPTO | Disable DES, 2DES, and RC4 in FIPS mode DES, 2DES, and RC4 algorithms will not work for native network encryption (NNE) and DBMS_CRYPTO in any FIPS mode |
1H 2027 | 19c / TLS | Allow the disabling of weak elliptic curve groups An upcoming release update will introduce a new parameter, SSL_DISABLE_WEAK_EC_CURVES with a default value of false. When this parameter is set to TRUE, it will disable the group of ECC curves with key lengths less than (but not including) 256 bits (equivalent to RSA 2048), including: sect163k1, sect163r1, sect163r2, sect193r1, sect193r2, sect233k1, sect233r1, sect239k1, sect283k1, sect283r1, sect409k1, sect409r1, sect571k1, sect571r1, secp160k1, secp160r1, secp160r2, secp192k1, secp192r1, secp224k1, secp224r1, secp256k1 At some time in the future, we will change the default value of this new parameter to TRUE. |
1H 2027 | 26ai / TLS | Disable weak elliptic curves by default Currently, the parameter TLS_DISABLE_WEAK_EC_CURVES has a default value of false. Setting this value to true disables ECC curves with a key length less than 256 bits, including: sect163k1, sect163r1, sect163r2, sect193r1, sect193r2, sect233k1, sect233r1, sect239k1, sect283k1, sect283r1, sect409k1, sect409r1, sect571k1, sect571r1, secp160k1, secp160r1, secp160r2, secp192k1, secp192r1, secp224k1, secp224r1, secp256k1 At some time in the future, we will change the default value of this new parameter to TRUE. SSL_DISABLE_WEAK_EC_CURVES is deprecated in favor of TLS_KEY_EXCHANGE_GROUPS, which has a default value of hybrid, ec, weak, ml-kem. The weak setting enables the above listed weak ECC curves. At the same time we change the default setting of SSL_DISABLE_WEAK_EC_CURVES, we will also remove weak from the default value for TLS_KEY_EXCHANGE_GROUPS. |
Released Changes
Release date | Release affected | Impacted feature | Algorithm/Protocol and Action |
|---|---|---|---|
2026-01-20 | 23.26.1 | TLS (1.3 only) | Hybrid Added an option to use a hybrid key exchange mode. This combines ECDHE with ML-KEM. The benefit of this is to provide additional assurance for the TLS key exchange in the face of harvest now/decrypt later quantum threats. Hybrid key exchange would requiring compromise of both exchange algorithms before a session key would be compromised. Update TLS_KEY_EXCHANGE_GROUPS to:
|
2026-01-20 | 19.30 | TLS | sqlnet.ora parameters now allow you to choose between TLS_ and SSL_ The following parameters now allow you to use either an SSL or TLS prefix in the parameter name:
|
2025-10-15 | 23.26.0 | TLS (1.3 only) | ML-KEM Added an option to choose ML-KEM as the key exchange cipher. This intended to provide quantum resistance for TLS data in-motion. Added support for ML-DSA certificates. New parameter TLS_KEY_EXCHANGE_GROUPS added to sqlnet.ora. Allowed values are ec (ECDHE), weak, and ml-kem. That is the order of precedence if no value is prescribed. |
2025-01-02 | 23.7 | TLS (1.2 only) | TLS elliptic curve groups Adds option to enable or disable weak elliptic curves for TLS connections via "SSL_DISABLE_WEAK_EC_CURVES" parameter with default value as FALSE. As per RFC8422, only secp256r1, secp384r1, secp521r1, x25519 elliptic curves will continue to be supported. Following curves are considered weak as per this RFC - sect163k1, sect163r1, sect163r2, sect193r1, sect193r2, sect233k1, sect233r1, sect239k1, sect283k1, sect283r1, sect409k1, sect409r1, sect571k1, sect571r1, secp160k1, secp160r1, secp160r2, secp192k1, secp192r1, secp224k1, secp224r1, secp256k1 These curves remain enabled by default, but the new config parameter can be used to disable these curves if desired. |
2024-05-02 | 23.4 | NNE | MD4, MD5, DES, 3DES, RC4 Removed MD4, MD5, DES, 3DES, and RC4 related algorithms for Native Network Encryption (NNE). |
2024-05-02 | 23.4 | DBMS_CRYPTO | MD4, MD5, DES, 3DES, RC4 Disable MD4, MD5, DES, 3DES, and RC4 related algorithms for DBMS_CRYPTO by default.
|
2024-05-02 | 23.4 | TLS | TLS ALLOW_MD5_CERTS and ALLOW_SHA1_CERTS sqlnet.ora parameters are deprecated in 26ai, Instead of these parameters, use the ALLOWED_WEAK_CERT_ALGORITHMS sqlnet.ora parameter, which is new with Oracle AI Database 26ai. |
2024-05-02 | 23.4 | TLS | Disable weak ciphers by default SSL_ENABLE_WEAK_CIPHERS parameter was introduced in October 2023 to provide an option to enable/disable weak TLS ciphers with the default value as TRUE. To be secure by default, SSL_ENABLE_WEAK_CIPHERS is set to FALSE by default from 23.4 onwards. |
2024-05-02 | 23.4 | TLS, NNE | RSA, DH, DSA Increase higher key length in FIPS mode. 26ai and onwards, a minimum of 2048 key lengths for RSA, Diffie-Hellman (DH), and Digital Signature Algorithm (DSA) are supported in FIPS mode. Lower key lengths are allowed in non-FIPS mode only. |
2023-17-10 | 19.21 | TLS | TLS Disable weak ciphers by default. SSL_ENABLE_WEAK_CIPHERS parameter was introduced to provide an option to enable/disable weak TLS ciphers with the default value as TRUE. |
2023-04-19 | 23.1 | TLS | TLS Desupport SSLv3, TLS1.0, TLS1.1 |
2023-04-19 | 23.1 | TLS | TLS Desupport DH Anon Ciphers.
|
2021-08-13 | 21c | TLS | TLS Desupport of Anonymous RC4 Cipher Suite (SSL_DH_anon_WITH_RC4_128_MD5) The use of the anonymous RC4 cipher suite for non-authenticated TLS connections is desupported in 21c and onwards. |
2021-05-13 | 21c | NNE, DBMS_CRYPTO | SHA1 Deprecate SHA-1 use for NNE and DBMS_CRYPTO. |
Additional Information and further reading
- Blog: Securing Oracle AI Database 26ai for the Quantum Era
- Blog: Both is better – Oracle AI Database 26ai adds hybrid-mode quantum-resistant support
- Blog: You can’t modernize database cryptography you can’t see – first create a crypto inventory
- Oracle JRE and JDK Cryptographic Roadmap - Java-based stored procedures within the database follow the Oracle JRE and JDK Cryptographic roadmap and are not covered by the details below.
- Oracle Technology Lifetime Support policy - Contains information about Oracle Database versions and their supported timelines.
Get started with Oracle database security
Try Advanced Security
Experience Advanced Security by configuring your key use cases on LiveLabs. This lab focuses on Oracle Advanced Security features such as Transparent Data Encryption (TDE) and Data Redaction. Explore how to set up these capabilities to protect your databases and sensitive data. Run this workshop in your own tenancy or reserve a time to use LiveLabs, free of charge.
Try Key Vault
In this lab, you’ll migrate an Oracle Database 19c encrypted with TDE from a local wallet to Oracle Key Vault for centralized key management. Learn to upload and remove TDE master keys for PCI DSS compliance, use tagged keys for easier PDB association, and establish a repeatable, auditable workflow for key centralization and rotation. Run the workshop on your own tenancy or reserve a time to run the workshop on LiveLabs, free of charge.
Try Key Vault
This workshop dives into Oracle Key Vault’s advanced SSH key management capabilities, demonstrating how to centralize SSH keys within a robust, policy-driven environment and minimize the risk of credential theft or misconfiguration. Learn to store, control, and rotate SSH key pairs directly in Key Vault—where private keys can be set to non-extractable, so even if a server is compromised, the keys remain protected.
Try Data Safe
Experience Data Safe by configuring your key use cases on LiveLabs. This is an overview lab. It focuses on evaluating database configurations and security controls, assessing user security and privileges, monitoring user activity through auditing and alerts, discovering and masking sensitive data for compliance, and mitigating risks from SQL injection and compromised accounts using SQL Firewall.