Oracle JDBC Connection Fails with ORA-12650 or ORA-17002 (4380281)

When attempting to connect to an Oracle database using Foglight FglAM via JDBC, the connection may fail with one of the following errors:

• ORA-12650: No common encryption or data integrity algorithm
• ORA-17002: I/O error: Connection closed

These errors typically occur due to mismatched encryption settings between the Oracle server and the JDBC client, or due to SSL/TLS handshake failures.

The Oracle server is configured to require encryption and data integrity using specific algorithms. If the JDBC client does not offer compatible algorithms, the connection fails with ORA-12650.

If SSL is enabled (useSSL=true) but the server is not properly configured for SSL or the client lacks the necessary truststore setup, the connection may fail with ORA-17002.

Example server-side sqlnet.ora settings:

SQLNET.ENCRYPTION_SERVER = REQUIRED
SQLNET.ENCRYPTION_TYPES_SERVER = (AES256)
SQLNET.CRYPTO_CHECKSUM_SERVER = REQUIRED

To resolve this issue, configure the encryption and checksum settings using the Agent Status Properties for the Oracle agent in Foglight. Use the following dropdown fields for this example:

• Encryption Level: required
• Encryption Types: AES256
• Checksum Level: required
• Checksum Types: SHA256

This ensures the agent offers compatible algorithms for both encryption and data integrity, matching the server's requirements.

Enable the UseSSL checbox

• Confirm the Oracle listener is configured for SSL.
• Ensure the correct port is used (typically 2484 for SSL).
• If the server uses a self-signed certificate, import it into a Java truststore and configure Foglight’s JVM as described in Knowledgebase article 4228863

• If SSL is not required, set useSSL=false and rely on SQL*Net encryption.
• Always verify the server’s sqlnet.ora settings to ensure compatibility.
• Use verbose logging to troubleshoot handshake or negotiation issues.