AES256_SHA256_RSAPSS security setting

Questions regarding the use of the .NET SDK 2.0 for Server or Client development or integration into customer products ...

Moderator: uasdknet

Post Reply
Jr. Member
Jr. Member
Posts: 1
Joined: 10 Feb 2020, 09:10

AES256_SHA256_RSAPSS security setting

Post by dotnet_developer034 »


I am developing a OPC UA client using the .NET SDK. I want my client to be able to connect to a server using any of the supported security settings, and all of them seem to work fine except for the AES256_SHA256_RSAPSS Sign and AES256_SHA256_RSAPSS Sign&Encrypt settings.

When I try to connect to the endpoint using this setting, I get the following error:
"[BadSecurityPolicyRejected] Error during EndConnect.|StatusException|Provider does not support the specified policy."

In the beginning I thought that it was my server which did not support this setting. But when I connect to the server using the UA Expert with this setting, it works just fine.

Any ideas what I am doing wrong?

User avatar
Support Team
Hero Member
Hero Member
Posts: 2521
Joined: 18 Mar 2011, 15:09

Re: AES256_SHA256_RSAPSS security setting

Post by Support Team »


the .NET based OPC UA SDK uses .NET Framework functions for doing the encryption. The very latest security policies of OPC Foundation do not have any equivalent in the (old) .NET Frameworks. For that reason you must check which .NET Framework your application is based on. The .NET based OPC UA SDK v3.x. can use the .NET Standard, hence can use the latest security features.

The Security Provider in your Client application seems to not support the selected SecurityPolicy, which is was the error log says.
Best regards
Unified Automation Support Team

Post Reply