On October 14th, Oracle release the latest version of their Oracle Managed Client which was described to support Network Data Encryption.

http://www.oracle.com/technetwork/topics/dotnet/tech-info/odac12cr4ds-2704217.pdf https://www.nuget.org/packages/Oracle.ManagedDataAccess/

Although for some reason after trying multiple configuration, we still weren't able to get it to work. We keep getting the infamous ORA-12570: Network Session: Unexpected packet read error exception wrapped in The provider did not return a ProviderManifestToken string. The error in the alert log is the following TNS-12599: TNS:cryptographic checksum mismatch

We did confirm with the DBA that we were using the supported encryption algorithm.

At this point, my only additional settings are the following:

  <settings>
    <setting name="SQLNET.AUTHENTICATION_SERVICES" value="NTS" />
    <setting name="NAMES.DIRECTORY_PATH" value="LDAP,tnsnames" />
  </settings>

EDIT: Upgrade to ODP.NET Managed 12.2 or later. Support for data integrity algorithms was introduced there: https://docs.oracle.com/cd/E85694_01/ODPNT/featConnecting.htm#ODPNT8536

ODP.NET, Managed Driver 12.1 and earlier did not yet support data integrity algorithms:

http://docs.oracle.com/cd/E63277_01/win.121/e63268/featConnecting.htm#CJAGFFCA

This leads to the TNS-12599: TNS:cryptographic checksum mismatch error in your database alert log which in turn causes various client side errors such as ORA-12570: Network Session: Unexpected packet read error or ORA-12537: Network Session: End of file.

If you are forced to use ODP.NET managed version 12.1 and cannot upgrade to 12.2 or later, this can be fixed by changing database side SQLNET.ORA parameters, such that checksums are not REQUIRED:

sqlnet.crypto_checksum_client = ACCEPTED

sqlnet.crypto_checksum_server = ACCEPTED