Forum Discussion
dkalidan
Jun 24, 2024 | Copper Contributor
Dotnet core Oracle 23c SSL connection not working on Linux environment and works on Windows
Our DataDirect ADO.NET Oracle driver is having an issue with SSL connections on the Linux platform, while the same connection works in a Windows environment with an Oracle 23c server.
Are there any known limitations with .NET Core on Linux with SSL/TLS connections?
Trace:
InnerException: System.IO.IOException
Message: Unable to read data from the transport connection: Connection reset by peer.
Source: System.Net.Sockets
Stack Trace
at System.Net.Sockets.NetworkStream.Read(Span`1 buffer)
at System.Net.Security.SslStream.EnsureFullTlsFrameAsync[TIOAdapter](TIOAdapter adapter)
at System.Net.Security.SslStream.ReadAsyncInternal[TIOAdapter](TIOAdapter adapter, Memory`1 buffer)
at System.Net.Security.SslStream.Read(Byte[] buffer, Int32 offset, Int32 count)
The same application works on Windows environment.
- julianpapaya (Copper Contributor)
The issue you're encountering with SSL/TLS connections in a .NET Core application on Linux, while it works on Windows, is not uncommon. There are several potential reasons for this discrepancy, and here are some steps and considerations to help you troubleshoot and resolve the issue:
1. SSL/TLS Version and Cipher Suites
- Windows and Linux Differences: Windows and Linux might have different default SSL/TLS versions and cipher suites. Ensure that the SSL/TLS version and cipher suites supported by the Oracle 23c server are also supported by the .NET Core runtime on Linux.
- Configuration: You can configure the SSL/TLS protocols and cipher suites in your .NET Core application. For example, you can explicitly set the SSL/TLS version in your code:
```csharp
ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12 | SecurityProtocolType.Tls13;
```
2. Certificates
- Certificate Validation: Ensure that the SSL certificate used by the Oracle 23c server is trusted by the Linux environment. You might need to install the CA certificate in the Linux certificate store.
- Certificate Chain: Sometimes, the certificate chain might not be fully trusted on Linux. You can use tools like openssl to verify the certificate chain:
```bash
openssl s_client -connect <oracle_server>:<port> -showcerts
```
3. Oracle Data Provider for .NET (ODP.NET)
- Driver Version: Ensure you are using the latest version of the Oracle Data Provider for .NET (ODP.NET) that supports .NET Core and Oracle 23c.
- Configuration: Check the ODP.NET configuration for any platform-specific settings. Sometimes, the TNS_ADMIN environment variable or the tnsnames.ora file might need to be correctly set up on Linux.
4. Network and Firewall
- Firewall Rules: Ensure that there are no firewall rules or network policies that might be causing the connection to be reset on Linux.
- Network Configuration: Verify that the network configuration on Linux allows outbound connections to the Oracle server on the required port.
5. .NET Core Runtime
- Runtime Version: Ensure that you are using a compatible version of the .NET Core runtime on Linux. Some versions might have bugs or limitations related to SSL/TLS.
- Patches and Updates: Make sure your .NET Core runtime is up-to-date with the latest patches.
6. Environment Variables
- SSL/TLS Environment Variables: Sometimes, setting specific environment variables can help. For example, you can set the DOTNET_SYSTEM_NET_SECURITY_ENABLESSLV3 or DOTNET_SYSTEM_NET_SECURITY_TLS13 environment variables to control SSL/TLS behavior.
7. Logging and Diagnostics
- Enable Detailed Logging: Enable detailed logging in your .NET Core application to get more insights into what might be going wrong. You can enable logging for System.Net.Security to get more details about the SSL/TLS handshake.
- Oracle Trace: Enable Oracle client tracing to get more details about the connection attempt.
Example Code to Set SSL/TLS Version:
```csharp
using System;
using System.Net;
using System.Net.Security;
using System.Security.Authentication;
using Oracle.ManagedDataAccess.Client;

class Program
{
    static void Main()
    {
        // Set the SSL/TLS version
        ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12 | SecurityProtocolType.Tls13;

        // Your connection string
        string connectionString = "User Id=your_user;Password=your_password;Data Source=your_tnsname;";

        using (OracleConnection conn = new OracleConnection(connectionString))
        {
            try
            {
                conn.Open();
                Console.WriteLine("Connection successful!");
            }
            catch (Exception ex)
            {
                Console.WriteLine("Connection failed: " + ex.Message);
            }
        }
    }
}
```
The issue is likely related to differences in SSL/TLS configuration or certificate handling between Windows and Linux. By ensuring that the SSL/TLS versions, cipher suites, and certificates are correctly configured, you should be able to resolve the connection issue on Linux. If the problem persists, consider reaching out to Oracle support or the .NET community for further assistance.
- alihubs (Copper Contributor)
When dealing with SSL connection issues between .NET Core and Oracle 23c in a Linux environment (while it works on Windows), the problem is often related to differences in SSL/TLS configuration, certificates, or libraries between the two operating systems. Below are steps to diagnose and resolve the issue:
---
### **1. Verify Oracle Client and .NET Core Configuration**
- **Oracle Data Provider for .NET (ODP.NET):** Ensure you are using the latest version of ODP.NET Core that supports Oracle 23c.
- **Oracle Instant Client:** Install the correct version of Oracle Instant Client on Linux. Ensure it matches the architecture (x64 or ARM) and version required by Oracle 23c.
---
### **2. Check SSL/TLS Configuration**
- **Oracle Server Configuration:** Verify that the Oracle 23c server is configured to accept SSL/TLS connections. Check the `sqlnet.ora` and `listener.ora` files for SSL-related settings.
- **.NET Core Configuration:** Ensure your .NET Core application is configured to use the correct SSL/TLS protocol (e.g., TLS 1.2 or higher).
---
### **3. Certificates**
- **Certificate Installation:** On Linux, ensure the Oracle server's SSL certificate is installed in the correct certificate store. Linux typically uses the `/etc/ssl/certs` directory or a custom directory specified in the environment.
- **Trusted Root Certificates:** Ensure the root CA certificate for the Oracle server's SSL certificate is trusted on the Linux machine. Use the `update-ca-certificates` command to update the trusted certificates.
- **Certificate Permissions:** Ensure the certificate files have the correct permissions (readable by the user running the .NET Core application).
---
### **4. Environment Variables**
Set the following environment variables on Linux to ensure the Oracle client can locate the SSL certificates and configuration:
```bash
export TNS_ADMIN=/path/to/tns_admin_directory
export ORACLE_HOME=/path/to/oracle_instant_client
export LD_LIBRARY_PATH=$ORACLE_HOME:$LD_LIBRARY_PATH
```
- Replace `/path/to/tns_admin_directory` with the directory containing `sqlnet.ora` and `tnsnames.ora`.
- Replace `/path/to/oracle_instant_client` with the path to your Oracle Instant Client installation.
---
### **5. SSL Wallet Configuration**
If the Oracle server uses an SSL wallet, ensure the wallet is correctly configured on Linux:
- Copy the wallet files (e.g., `cwallet.sso`, `ewallet.p12`) to the Linux machine.
- Update the `sqlnet.ora` file to point to the wallet location:
```
WALLET_LOCATION = (SOURCE = (METHOD = FILE) (METHOD_DATA = (DIRECTORY = /path/to/wallet)))
SSL_CLIENT_AUTHENTICATION = FALSE
```
---
### **6. Debugging the Connection**
- **Enable Oracle Logging:** Enable detailed logging for the Oracle client to identify SSL-related errors. Add the following to `sqlnet.ora`:
```
TRACE_LEVEL_CLIENT = 16
TRACE_DIRECTORY_CLIENT = /path/to/logs
TRACE_FILE_CLIENT = ora_ssl.log
```
- **Check .NET Core Logs:** Use logging in your .NET Core application to capture any exceptions or errors related to the SSL connection.
---
### **7. Common Issues and Fixes**
- **Mismatched SSL/TLS Versions:** Ensure both the Oracle server and .NET Core application are configured to use compatible SSL/TLS versions (e.g., TLS 1.2).
- **Missing Dependencies:** On Linux, ensure all required libraries (e.g., `libaio`, `libnsl`) are installed.
- **Firewall or Network Issues:** Verify that the Linux machine can reach the Oracle server on the required port (e.g., 2484 for SSL).
- **Time Synchronization:** Ensure the system clocks on both the Linux machine and Oracle server are synchronized. SSL/TLS connections can fail if there is a significant time difference.
---
### **8. Example .NET Core Connection String**
Ensure your connection string includes the correct SSL settings:
```csharp
string connectionString = "User Id=your_user;Password=your_password;Data Source=(DESCRIPTION=(ADDRESS=(PROTOCOL=TCPS)(HOST=your_host)(PORT=2484))(CONNECT_DATA=(SERVICE_NAME=your_service_name))(SECURITY=(SSL_SERVER_CERT_DN=\"your_server_cert_dn\")))";
```
---
### **9. Test with a Simple Application**
Create a minimal .NET Core application to test the SSL connection:
```csharp
using System;
using Oracle.ManagedDataAccess.Client;

class Program
{
    static void Main()
    {
        string connectionString = "your_connection_string";
        using (var connection = new OracleConnection(connectionString))
        {
            // Open() throws if the TLS handshake or login fails
            connection.Open();
            Console.WriteLine("Connected successfully!");
        }
    }
}
```
---
### **10. Compare Windows and Linux Environments**
- Check for differences in Oracle client versions, certificate configurations, and environment variables between Windows and Linux.
- Use tools like `openssl` on Linux to verify the SSL connection to the Oracle server:
```bash
openssl s_client -connect your_host:2484 -showcerts
```
---
By following these steps, you should be able to identify and resolve the SSL connection issue between .NET Core and Oracle 23c on Linux. If the problem persists, consult the Oracle documentation or support for further assistance.
- shanewatson5091Copper Contributor
On Linux, .NET Core relies on OpenSSL for SSL/TLS operations, while on Windows, it uses the SChannel library. Differences in configuration, supported protocols, or cipher suites may lead to compatibility issues.
Steps to Resolve:
- Check OpenSSL Version:
  - Run the following command on your Linux environment:
    ```bash
    openssl version
    ```
  - Ensure you are using a version compatible with your Oracle 23c server (preferably OpenSSL 1.1.x or higher).
- Verify Supported TLS Versions:
  - Confirm the TLS version used by the Oracle server (e.g., TLS 1.2 or TLS 1.3) matches the OpenSSL configuration on Linux. You can enforce the TLS version in your code by configuring the SslProtocols:
    ```csharp
    SslProtocols.Tls12
    ```
- Check Cipher Suites:
  - Use OpenSSL to list available cipher suites:
    ```bash
    openssl ciphers -v
    ```
  - Ensure the Oracle server supports at least one of these ciphers.
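The TLS version, cipher suite and certificate trust checks suggested in the replies above can all be read from `openssl s_client` output in one pass. The following is an added example, not code from any poster in this thread: the function names are hypothetical and the sample outputs are constructed, with the third one mirroring the "Connection reset by peer" symptom (errno 104 is ECONNRESET on Linux).

```bash
#!/usr/bin/env bash
# Added example (not from the thread). Function names are hypothetical.

# Read `openssl s_client` output on stdin and print one summary line.
summarize_s_client() {
  awk '
    /^New, / {                       # "New, TLSv1.2, Cipher is <name>"
      split($0, f, ", "); proto = f[2]
      sub(/^.*Cipher is /, "", $0); cipher = $0
    }
    /Verify return code:/ {          # "Verify return code: 20 (...)"
      sub(/^.*Verify return code: /, "", $0); verify = $1
    }
    END {
      if (proto == "" || proto == "(NONE)") { print "handshake=failed"; exit }
      printf "protocol=%s cipher=%s verify=%s\n", proto, cipher, (verify == "" ? "unknown" : verify)
    }'
}

# Live use: one handshake attempt per protocol version against the TCPS port.
probe_listener() {                   # usage: probe_listener <host> <port>
  for v in tls1_2 tls1_3; do
    printf '%s: ' "$v"
    openssl s_client -connect "$1:$2" "-$v" </dev/null 2>&1 | summarize_s_client
  done
}

# Constructed s_client excerpts (not captured from a real server).
sample_ok() { cat <<'EOF'
CONNECTED(00000003)
New, TLSv1.2, Cipher is ECDHE-RSA-AES256-GCM-SHA384
    Verify return code: 0 (ok)
EOF
}
sample_untrusted() { cat <<'EOF'
CONNECTED(00000003)
New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384
Verify return code: 20 (unable to get local issuer certificate)
EOF
}
sample_reset() { cat <<'EOF'
CONNECTED(00000003)
write:errno=104
no peer certificate available
New, (NONE), Cipher is (NONE)
EOF
}

for s in sample_ok sample_untrusted sample_reset; do
  printf '%s -> ' "$s"; "$s" | summarize_s_client
done
```

A non-zero `verify` value with a completed handshake points at the Linux trust store rather than at protocol or cipher negotiation, while `handshake=failed` for every version points at the listener, wallet or network path.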