Page 1 of 1

AES256_SHA256_RSAPSS security setting

Posted: 10 Feb 2020, 09:26
by dotnet_developer034
Hello

I am developing a OPC UA client using the .NET SDK. I want my client to be able to connect to a server using any of the supported security settings, and all of them seem to work fine except for the AES256_SHA256_RSAPSS Sign and AES256_SHA256_RSAPSS Sign&Encrypt settings.

When I try to connect to the endpoint using this setting, I get the following error:
"[BadSecurityPolicyRejected] Error during EndConnect.|StatusException|Provider does not support the specified policy."

In the beginning I thought that it was my server which did not support this setting. But when I connect to the server using the UA Expert with this setting, it works just fine.

Any ideas what I am doing wrong?

Re: AES256_SHA256_RSAPSS security setting

Posted: 05 May 2020, 17:46
by Support Team
Hello,

the .NET based OPC UA SDK uses .NET Framework functions for doing the encryption. The very latest security policies of OPC Foundation do not have any equivalent in the (old) .NET Frameworks. For that reason you must check which .NET Framework your application is based on. The .NET based OPC UA SDK v3.x. can use the .NET Standard, hence can use the latest security features.

The Security Provider in your Client application seems to not support the selected SecurityPolicy, which is was the error log says.