Oracle 12.2c Managed Driver Does not Work with Encrypted Connection — oracle-tech


Oracle 12.2c Managed Driver Does not Work with Encrypted Connection

user8632831
user8632831 Member Posts: 8 Red Ribbon
edited August 2018 in ODP.NET

Hi,

Hoping someone can point me in the right direction with the following blocking point. We have attempted multiple configuration combinations and tests before reaching this point of reaching out to the forum.

We are experiencing a problem with the Oracle 12.2c Managed Driver. We have an application which uses a combination of unmanaged and managed clients. Enabling encryption at the database connection level causes a problem. An article updated on 26 October 2015 indicates encryption is supported in the Oracle 12.2c Managed Driver. It in turn points to an article https://apex.oracle.com/pls/apex/f?p=18357:39:18138408495219::NO::P39_ID:28201 which declares the supportability of encryption in the driver.

The version of the current driver in our product is 4.121.2.0 and we also downloaded the driver from http://www.oracle.com/technetwork/database/windows/downloads/index-090165.html.

The sqlnet.ora settings on the server are the following:

    SQLNET.ENCRYPTION_SERVER = required
    SQLNET.CRYPTO_SEED = 'xxxx'
    SQLNET.ENCRYPTION_TYPES_SERVER= (AES256)

The message received when attempting to connect before adding configuration settings is:

    Oracle.ManagedDataAccess.Client.OracleException (0x80004005): ORA-12537: Network Session: End of file ---> OracleInternal.Network.NetworkException (0x000030F9): ORA-12537: Network Session: End of file
       at OracleInternal.Network.ReaderStream.Read(OraBuf OB)
       at OracleInternal.TTC.OraBufReader.GetDataFromNetwork()
       at OracleInternal.TTC.OraBufReader.Read(Boolean bIgnoreData)
       at OracleInternal.TTC.MarshallingEngine.UnmarshalUB1(Boolean bIgnoreData)
       at OracleInternal.TTC.TTCProtocolNegotiation.ReadResponse()
       at OracleInternal.ConnectionPool.PoolManager`3.CreateNewPR(Int32 reqCount, Boolean bForPoolPopulation, ConnectionString csWithDiffOrNewPwd, String instanceName)
       at OracleInternal.ConnectionPool.PoolManager`3.Get(ConnectionString csWithDiffOrNewPwd, Boolean bGetForApp, String affinityInstanceName, Boolean bForceMatch)
       at OracleInternal.ConnectionPool.OraclePoolManager.Get(ConnectionString csWithNewPassword, Boolean bGetForApp, String affinityInstanceName, Boolean bForceMatch)
       at OracleInternal.ConnectionPool.OracleConnectionDispenser`3.Get(ConnectionString cs, PM conPM, ConnectionString pmCS, SecureString securedPassword, SecureString securedProxyPassword)
       at Oracle.ManagedDataAccess.Client.OracleConnection.Open()

The following configuration settings were added in the web config file:

    <oracle.manageddataaccess.client>
      <version number="4.121.2.0">
        <settings>
          <setting name="TraceLevel" value="7" />
          <setting name="TraceOption" value="1"/>
          <setting name="TraceFileLocation" value="C:\temp"/>
          <setting name="SQLNET.ENCRYPTION_CLIENT" value="required"/>
          <setting name="SQLNET.ENCRYPTION_TYPES_CLIENT" value="AES256" />
        </settings>
      </version>
    </oracle.manageddataaccess.client>

The error message after adding the configuration settings listed above is the following:

    OracleInternal.Network.NetworkException (0x000030F9): ORA-12537: Network Session: End of file
       at OracleInternal.ConnectionPool.PoolManager`3.CreateNewPR(Int32 reqCount, Boolean bForPoolPopulation, ConnectionString csWithDiffOrNewPwd, String instanceName)
       at OracleInternal.ConnectionPool.PoolManager`3.Get(ConnectionString csWithDiffOrNewPwd, Boolean bGetForApp, String affinityInstanceName, Boolean bForceMatch)
       at OracleInternal.ConnectionPool.OraclePoolManager.Get(ConnectionString csWithNewPassword, Boolean bGetForApp, String affinityInstanceName, Boolean bForceMatch)
       at OracleInternal.ConnectionPool.OracleConnectionDispenser`3.Get(ConnectionString cs, PM conPM, ConnectionString pmCS, SecureString securedPassword, SecureString securedProxyPassword)
       at Oracle.ManagedDataAccess.Client.OracleConnection.Open()

Thank you in advance.  

Cheers,

Charl   

Answers

  • Alex Keh-Oracle
    Alex Keh-Oracle Posts: 2,751 Employee
    edited May 2018

    Hi Charl,

    If you are configuring managed ODP.NET 12.2, be sure to change the following .NET config line from:

              <version number="4.121.2.0">

    to:

              <version number="4.122.x.x">

    where x.x depends on the exact 12.2 version you are using.

  • user8632831
    user8632831 Member Posts: 8 Red Ribbon
    edited May 2018

    Hi Alex,

    Thank you for the information.

    Will this affect the issue found or are you providing a cleaner way to specify the version?

    Cheers,

    Charl

  • Alex Keh-Oracle
    Alex Keh-Oracle Posts: 2,751 Employee
    edited May 2018

    Hi Charl,

    Based on the info you provided, it will fix the issue found. You want to use managed ODP.NET 12.2 with network encryption. You currently specify the encryption settings to be used, but for a 12.1 version of the driver, rather than the 12.2 version.

  • user8632831
    user8632831 Member Posts: 8 Red Ribbon
    edited May 2018

    Hi Alex,

    Thank you for the clarification. We will attempt this in the config file.

    For clarity, the initial post refers to using the 4.121.2.0 driver, for which the configuration was specified. The 12.2 was also downloaded from the Oracle site and we adjusted the config for it. We will try using the X.X at the end and hopefully it works!

    Cheers,

    Charl

  • Alex Keh-Oracle
    Alex Keh-Oracle Posts: 2,751 Employee
    edited May 2018

    Hi Charl,

    You have to enter in digits to replace the X.X values. I don't know which ODP.NET 12.2 version you have. That is why I put in the X.X. If you're using the base release, then the value of X.X = 1.0. (i.e. 4.122.1.0)
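
The check Alex describes above, as an added example that is not part of the original thread or of Oracle's code: it reports whether a `<version>` section applies to the deployed managed driver and, if so, how the client settings negotiate against the server's sqlnet.ora values quoted in the first post. The function names, the `number="*"` fallback and the defaults used for unset values are assumptions of this sketch.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the client section quoted in the original post.
WEB_CONFIG = """<configuration><oracle.manageddataaccess.client>
  <version number="4.121.2.0"><settings>
    <setting name="SQLNET.ENCRYPTION_CLIENT" value="required"/>
    <setting name="SQLNET.ENCRYPTION_TYPES_CLIENT" value="AES256"/>
  </settings></version>
</oracle.manageddataaccess.client></configuration>"""
# Server side, from the sqlnet.ora lines quoted in the original post.
SERVER_LEVEL, SERVER_TYPES = "required", "(AES256)"

def parse_types(value):
    """'(AES256, AES192)' -> {'AES256', 'AES192'}"""
    return {t.strip().upper() for t in value.strip("() ").split(",") if t.strip()}

def applicable_settings(config_xml, driver_version):
    """Settings of the <version> section that applies to the deployed driver.
    Assumption: an exact version match wins, number="*" is the fallback."""
    sections = {v.get("number"): v for v in ET.fromstring(config_xml).iter("version")}
    chosen = sections.get(driver_version, sections.get("*"))
    if chosen is None:
        return None
    return {s.get("name").upper(): s.get("value") for s in chosen.iter("setting")}

def negotiate(client_level, server_level, client_types, server_types):
    """Outcome of native network encryption negotiation for one pair of settings."""
    levels = {client_level.lower(), server_level.lower()}
    if levels == {"required", "rejected"}:
        return "fail: required on one side, rejected on the other"
    if "rejected" in levels or levels == {"accepted"}:
        return "plaintext"
    common = parse_types(client_types) & parse_types(server_types)
    if common:
        return "encrypted: " + ",".join(sorted(common))
    return "fail: no common algorithm" if "required" in levels else "plaintext"

def check(config_xml, driver_version):
    settings = applicable_settings(config_xml, driver_version)
    if settings is None:
        return "not applied: no <version> section matches driver " + driver_version
    # Assumptions: an unset level defaults to "accepted"; an unset algorithm
    # list is treated as covering the server's algorithms.
    return negotiate(settings.get("SQLNET.ENCRYPTION_CLIENT", "accepted"), SERVER_LEVEL,
                     settings.get("SQLNET.ENCRYPTION_TYPES_CLIENT", SERVER_TYPES),
                     SERVER_TYPES)

if __name__ == "__main__":
    for version in ("4.121.2.0", "4.122.1.0"):
        print(version, "->", check(WEB_CONFIG, version))
```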

  • user8632831
    user8632831 Member Posts: 8 Red Ribbon
    edited May 2018

    Hi Alex,

    We have repeated the tests using both the 12.1 and 12.2 Oracle Managed Drivers. The results are the same, with the same error message generated, which is detailed in the original post. The screenshots attached show the details of each driver we used. We changed the configuration file settings to have the versions "4.121.2.0" and "4.122.1.0" respectively when each of the relevant drivers was deployed in the folder.

    Oracle 12.1 Managed Driver.png

    Oracle 12.2 Managed Driver.png

    Please let me know if there is something else which can be done.

    Thank you in advance.

    Cheers,

    Charl

  • Alex Keh-Oracle
    Alex Keh-Oracle Posts: 2,751 Employee
    edited May 2018

    I see you are also generating a trace at level 7. Around the beginning of the trace file output, do you see the correct client encryption settings used?

    It would be helpful if I could see the entire client trace and server traces too to see at what point the negotiation between client and server side encryption use failed. The DB server network trace level should be set at 16. If you don't feel comfortable about posting it on this forum, send them to dotnet_us(at)oracle.com.

  • Thiyagu - Oracle
    Thiyagu - Oracle Member Posts: 30
    edited May 2018

    Hi Charl

    Here are the DB server trace parameters.

    Please add the parameters below to sqlnet.ora.

    For a server level 16 trace, the following settings go in the server's sqlnet.ora file:

        TRACE_LEVEL_SERVER = 16
        TRACE_FILE_SERVER = server
        # The next line sets where the trace is saved. Set the full path here and
        # make sure the directory has read and write permissions for the user.
        TRACE_DIRECTORY_SERVER = <set full path here>
        TRACE_TIMESTAMP_SERVER = ON
        TRACE_FILELEN_SERVER=100000
        TRACE_FILENO_SERVER=10
        DIAG_ADR_ENABLED= OFF

    Thanks

    Thiyagu

  • user8632831
    user8632831 Member Posts: 8 Red Ribbon
    edited May 2018

    Hi Thiyagu,

    Thank you for the reply. Correct me if I am wrong, but the settings you sent are for sqlnet.ora and we are configuring the .Net web.config file.

    I will try to match the settings you sent to the .Net equivalent settings.

    Cheers,

    Charl

  • user8632831
    user8632831 Member Posts: 8 Red Ribbon
    edited May 2018

    Trace files were produced doing two iterations of testing. The only option I see is to upload images/videos, so I will send the files to dotnet_us(at)oracle.com. I noticed a new message, which is likely due to the increased trace level. Not sure what to make of it yet, but we are continuing our search:

    [000001 30-MAY-2018 09:00:11:090] nsnainit: "or" info flags: 0x71 Translations follow:

    native service(s) is (are) wanted

    NA services are required

    [000001 30-MAY-2018 09:00:11:090] nsnainit: "or" info flags: 0x71 Translations follow:

    native service(s) is (are) wanted

    NA services are required

    "and" info flags: 0x71 Translations follow:

    native service(s) is (are) wanted

    NA services are required

  • Thiyagu - Oracle
    Thiyagu - Oracle Member Posts: 30
    edited May 2018

    Hi Charl

    Those settings need to be enabled from the DB server, not from the client application.

    Thanks

    Thiyagu

  • user8632831
    user8632831 Member Posts: 8 Red Ribbon
    edited May 2018

    Hi Thiyagu,

    Thank you for the clarification. The trace files have been sent to Oracle as per the previous comment.

    Hope they are helpful.

    Cheers,

    Charl

  • pll92
    pll92 Member Posts: 1
    edited August 2018

    Is there an answer to this? I'm having the same issue.

  • Alex Keh-Oracle
    Alex Keh-Oracle Posts: 2,751 Employee
    edited August 2018

    The underlying issue was likely due to a mis-configuration. Charl was able to get a working configuration after some further analysis.

  • user8632831
    user8632831 Member Posts: 8 Red Ribbon
    edited August 2018 Accepted Answer

    Hello Everyone,

    Thank you for your help. We reworked our code and removed the Unmanaged Driver completely and only rely on the Managed Driver now.

    This solved the problem and it would seem that the Unmanaged and Managed driver in one code base creates problems.

    Hope this helps someone else.

    Best Regards,

    Charl

This discussion has been closed.