Skip to main content
P
Paul Hirose
Participating Frequently
October 13, 2023
Question

CF2021 Update 11 cannot connect to Oracle database with encryption and checksum

  • October 13, 2023
  • 2 replies
  • 2251 views

Updating to CF2021 Enterprise Update 11 on my Linux server connecting to Oracle 19c database that uses encryption & checksum breaks.  Downgrading the Oracle package from 2021.0.11 to 2021.0.05 lets me connect again.

 

While an update to the Oracle driver isn't listed in the Update 11 notes, it is indeed updated. They do mention "enhancements in ...Database, and other areas".  Searching for "database" I see some changes to MySQL and Postgres but nothing for Oracle.  I do indeed see the new files on my filesystem.  Going to the Package Manager in the CF Administrator GUI shows that it has updated to "2021.0.11.330247".  If I select "2021.0.05.330109" in the "Available Versions" and then click "Downgrade" and restart my CF instance, the datasource now connects.  Incidentally, there is no "downgrade" command in cfpm.sh so I had to actually go through using the web-gui to do the downgrade.  I'll submit a Feature Request to allow downgrade command via cfpm.sh separately.

 

The error I see in coldfusion-error.log or exception.log is "[DataDirect][Oracle JDBC Driver]ORA-12656: Cryptographic checksum mismatch"

 

I didn't change any parameter in my DataSource itself.  My Oracle database hasn't changed either. 

 

I will note I am using Amazon Linux 2 in AWS EC2 and am also using Amazon Corretto 11.0.20.9.1.  So at first, I thought it was something to do with that, and I suppose that's still possible.  I'm also seeing this in my Oracle Linux 7 system using openjdk11 as well, but that's a test system so it could have other things going on with it.  However, given that simply downgrading the Oracle package from 2021.0.11 to 2021.0.05 makes it work again, I suspect this issue is because of some undocumented Oracle driver update/change.

 

If anyone has any ideas, please chime in.

Thanks all,

PH

 

This topic has been closed for replies.

2 replies

Charlie Arehart
Community Expert
Charlie ArehartCommunity Expert
Community Expert
June 20, 2024

Paul, did you ever come to a resolution?

 

I see no further messages here since Oct 20, 2023--the last of 15 messages that happened that week after you posted the issue here. (I only clarify that to save others time--if they're using the threaded view of comments--of trying to see if there was a later reply within the various threads here.)

/Charlie (troubleshooter, carehart. org)
Charlie Arehart
Community Expert
Charlie ArehartCommunity Expert
Community Expert
October 13, 2023

While we all consider and assess that issue further, how about trying instead the jvm that Adobe supports, which is neither coretto nor openjdk but Oracle's Java? 

 

If you have people concerned about paying for it, you don't need to. Adobe has licensed it for our use with CF. And notice that the jvm Adobe offers on the "java installers" section of the cf downloads page is indeed only the Oracle jdk. That's what one should be using with CF--and Java 11 (only, for now) with CF2021 and Java 17 (only, for now) with CF2023, as are offered there.

 

I'm not saying saying changing it WILL solve your issue, but it's a couple minutes and a cf restart to then try the new update again (a few more mins). It would be great to hear whether it helps or not.

 

And even if it doesn't, this was a comment worth clarifying things for you and any other readers using other than Oracle Java. Also not saying anything will fail by using another jvm implementation. Just clarifying what's SUPPORTED. Folks do all kinds of unsupported things. It's important always to know when that's the case, for you and for us. 🙂 

/Charlie (troubleshooter, carehart. org)
P
Paul HiroseAuthor
Participating Frequently
October 14, 2023

Good point.  I wasn't even aware Adobe had made Oracle Java available for production use for ColdFusion purposes.

Having switched to that, and re-updated Oracle to 2021.0.11 again, I'm still seeing the same issue.  I did switch my jvm.config and the system info does indeed show I'm now using Oracle Corporations 11.0.20+9-LTS-256.  Downgrading the package to 2021.0.05 makes it connect ok again.

 

I have not tried connecting with "Other" datasource type and using a downloaded Oracle odbc.jar file, but I kinda figure not having to do that is one (of many) reasons to have CF-Enterprise to begin with.

 

Now that I know this is available, I may as well go switch my Oracle on all my CF instances to that.  I don't see it available as a yum repo, so I may have to manually update but I guess I can live w/that, if it makes for better compatiblity. 

 

I won't quite be able to easily swap out an entire OS, and I'm not sure we'd go down that route for the sole purpose of making CF2021-Update11-Oracle-Package work, even if that was the official answer.  And yes, that's why I did note both my OS and my Java, because it is officially unsupported.

 

I was hoping someone would chime in and say that it does work on an officially supported configuration in which case, I'd love to know the connect string configuration in your CF Admin datasource and the sqlnet.ora encryption/checksum parameters under Oracle 19c that does work (other than none.)

 

P
Paul HiroseAuthor
Participating Frequently
October 14, 2023

Sigh.  Meant to say I may as well go switch my Java to Oracle on all my CF instances 🙂

 

Terms & ConditionsAccessibility statement
Using the community Terms of use Privacy Cookie preferences Do not sell or share my personal information ad choicesAdChoices