My Oracle Support Banner

Oracle RDBMS 11g Standard Edition: Various Errors After Implementing Kerberos, Native Encryption, TCPS/SSL, or RADIUS (Doc ID 1930944.1)

Last updated on AUGUST 04, 2018

Applies to:

Oracle Database - Standard Edition - Version 11.2.0.1 to 11.2.0.4 [Release 11.2]
Information in this document applies to any platform.

Symptoms

Using Oracle Database Server 11gR2 Standard Edition,
after implementing various legacy Advanced Security Option (ASO) features (e.g. Kerberos, Native Encryption, TCPS/SSL, RADIUS),
various errors are received when connecting via the listener:

ORA-12660: Encryption or crypto-checksumming parameters incompatible
ORA-12657: No algorithms installed
ORA-12649: Unknown encryption or data integrity algorithm
ORA-12637: Packet receive failed
TNS-12557: TNS:protocol adapter not loadable
TNS-12560: TNS:protocol adapter error
TNS-00527: Protocol Adapter not loadable

The Oracle documentation specifies:

"Network encryption (native network encryption and SSL/TLS) and strong authentication services (Kerberos, PKI, and RADIUS) are no longer part of Oracle Advanced Security and are available in all licensed editions of all supported releases of the Oracle database."

This is true from a licensing point of view.  Technically, the 11gR2 Standard Edition (SE) binaries are not linked with SSL, Kerberos and Radius adapters; these adapters are not enabled out-of-the-box on 11gR2 Standard Edition.

To compare, here is the output from an 11gR2 Standard Edition installation running on Linux:

(Note the lines reading "Kerberos v5 authentication" and "RADIUS authentication", which do not appear in the Standard Edition output.)

 

Changes

 

Cause

To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!

My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.