In our development environment, users found the issue No matching authentication protocol while connecting to Oracle Database 19c through Oracle Client 8 or 9.2. The ORA-28040 error is an indication of a mismatch between the authentication protocol used by the client and the server.
This article aims to provide insights into the ORA-28040 error, its causes, and effective solutions to rectify the issue. By understanding, this error and implementing the recommended measures. you can ensure a robust and secure authentication process in your Oracle database.
Issue ORA-28040 Description:
Cause of ORA-28040:
We identified that that same error message happened while user using old JDBC driver or below to Oracle database version 18c or 19c.
In my case Oracle Administrator has upgraded database to 19c from 11g while Development team is facing same error message those who are using PL/SQL developer version 8 or 9.2.
This error message shows that there is compatibility issue between oracle database and Oracle Client.
The version of the JDBC driver being used is 8 or 9i. This is confirmed based on the fact that the package oracle.jdbc.ttc7 only exists in JDBC 9i and not in later driver releases such as JDBC 18c or 19c.
Resolution:
We discussed the above mention reasons about ORA-28040, we got the compatible authentication protocol for either client side or server side. But now the challenge is at what side we have to add configuration on server side or client side.
Actually if you Oracle Database Administrator you have full administrator privileges to do some configuration into Sqlnet.ora file to fix this issue once instead all users / developers have to upgrade the client version.
Henceforth, I have decide to split the resolution into two parts for better understanding against error message ORA-28040. The first part is for server side, the other one is for client side.
1- Identifying the Causes:
If you are network Administrator and have full rights to do changes into file from server side, then you have to change or add one line to resolve ORA-28040 issue for all users in just a minute and not to do any change on developer or user side.
I have searched many posts on the issue ORA-27040 over the internet but found one post of Oracle documentation about “Parameters for the sqlnet.ora File” which was very helpful for me to rectify the issue ORA-28040.
Resolving the ORA-28040 Error:
Here we will discuss in detail how to rectify the issue ORA-28040 on database 18c or 19c server side by adding below line into sqlnet.ora file.
Add one line SQLNET.ALLOWED_LOGON_VERSION_SERVER=8
Then save the file then ask the developers or user to check it now. The changes will applied and no need to restart listener just make sure the changes are correct.
Hopefully error message ORA-28040 will not show again after doing above changes.
2- Resolution Issue ORA-28040 on Client Side
Till now as per my experience all each oracle advance or latest version has much compatibility or support with old version but even third party tolls don’t have the support for connectivity with Oracle database server. Since Oracle 12.1 database claims that it is compatible with ojdbc6.jar for JDK 6 or ojdbc7.jar for JDK 7. JDK 14 or below do not has connectivity support for clients to connect through the authenticated protocol of an 18c or 19c database.
If you are developer or end user and have not access or privileges to do any change in sqlnet.ora file then need to update oracle client along oracle JDBC Driver.
Download Oracle Client to resolve issue ORA28040
Here I recommended to developers to upgrade oracle Client of 18c/19c or 21c from Oracle Database Software Download Link to download as respect Operating System Architecture like Windows OS or Linux OS. after doing this activity there was no more error message ORA-28040: No matching authentication protocol and every body was happy and further engage their work.
More information for JDBC developers can be found at Oracle Database JDBC Developer’s Guide: Version Compatibility for Oracle JDBC Drivers.
Conclusion:
The ORA-28040 error related to authentication protocol mismatch can be resolved by updating the client software, adjusting server-side configuration, and ensuring compatibility of encryption settings. By adhering to best practices for authentication protocol management, you can mitigate the occurrence of this error and fortify the security of your Oracle database. Follow the recommended solutions and adopt proactive measures to maintain a secure authentication environment, safeguard your data, and maintain compliance with industry standards.
Read Also