ORA-28040: No matching authentication protocol exception

Madeesha’s Tech Space
1 min readMar 28, 2018

We are experiencing this issue most of the time when upgrading Oracle database to 12c. The issue is internal application failed with the following error:

“Caused by: java.sql.SQLException: ORA-28040: No matching authentication protocol”

This error is caused by the unsupported combination of JDBC/JDK/Database components. The reason for this is mismatching of the authentication protocol with the JDBC client and the Oracle database server. the problem lies in the fact that both Oracle 10g and 11g use SHA-1 protocol whereas Oracle 12c uses SHA-2 protocol. While SHA-2 protocol by itself is not causing the error, It is the default setting for SQLNET.ALLOWED_LOGON_VERSION_SERVER that is causing the error. In earlier versions, the default was 8 whereas it is 11 in Oracle 12c; therefore all client versions 10 and below may get the ORA-28040 error.

The workaround for this is to set SQLNET.ALLOWED_LOGON_VERSION_SERVER in sqlnet.ora file to a lower Oracle version like 8 or 9 which are compatible with the client-server authentication when using unsupported JDBC drivers with Oracle DB 12c. This parameter actually specifies the minimum authentication protocol that a client is allowed to use when connecting to Oracle Database instances.

Apart from the workaround, to avoid this issue you can Upgrade your JDBC driver client to 11g or JDBC 12c.