3 Replies Latest reply on Nov 26, 2014 3:44 AM by Lannie Liberty

    ORA-01017 with managed ODP.NET provider when FIPS is enabled

    Nelson Rothermel

      Following up on this discussion:

      ORA-01017 with Managed Provider 4.112.3.60. Bug with ODP on Win 2008 R2?

       

      "It looks like the AES algorithm is being used to encrypt the password while connecting to the database. The AES implementation in .NET is NOT FIPS compliant which causes problems in the public sector (I noticed you were in the government, as am I). The only way I was able to get around this issue was to turn off FIPS Policy enforcement (http://msdn.microsoft.com/en-us/library/hh202806.aspx.)"

       

      I'm still seeing the same behavior over a year later and turning off FIPS on the .NET side works.  There is a FIPS-compliant .NET option: AesCryptoServiceProvider Class (System.Security.Cryptography).  Assuming this is compatible with the Oracle service side, is it possible to switch over from the current AesManaged class which is not FIPS-compliant?  Or at least give us a configuration option to toggle between the two.