ORA-28040: No matching authentication protocol after Oracle 12c upgrade.

After Oracle 12c upgrade users started seeing below errors

ORA-28040: No matching authentication protocol

The main issue is older versions of drivers will not able to connect 12c server. In Oracle 12.1, the default value for the SQLNET.ALLOWED_LOGON_VERSION parameter is set to 11. This means that database clients using pre-11g drivers cannot authenticate to 12.1 database servers unless the SQLNET.ALLOWED_LOGON_VERSION parameter is set to the old default of 8 in $ORACLE_HOME/network/admin/sqlnet.ora

This can be done by using either :

SQLNET.ALLOWED_LOGON_VERSION_SERVER=8 (JDBC 10g drivers by default support this security version implementation)
OR
SQLNET.ALLOWED_LOGON_VERSION_SERVER=10 (If you had applied the patch 6779501, on JDBC 10.2.0.4 / 10.2.0.5, OR if the jar is bundled with Weblogic Server)
OR
The alternative is to leave the default SQLNET.ALLOWED_LOGON_VERSION_SERVER=11 on the database and upgrade the JDBC clients. You can download the JDBC 11g or 12c from http://www.oracle.com/technetwork/database/features/jdbc/index-091264.html

Note that SQLNET.ALLOWED_LOGON_VERSION has been deprecated in 12c.

Even after updating above values users might receive below error.
ORA-01017: invalid username/password: logon denied

In this case users need to add following parameter to sqlnet.ora
SQLNET.AUTHENTICATION_SERVICES = (NONE)

Also few users received ORA-28040 error when creating older version of databases (for ex: 10g) using DBCA

Reference :
Error "ORA-28040: No matching authentication protocol" When Using SQLNET.ALLOWED_LOGON_VERSION ( Doc ID 755605.1 )
JDBC Version 10.2.0.4 Produces ORA-28040 Connecting To Oracle 12c (12.1.0.2) Database ( Doc ID 2023160.1 ).

Thanks
Satishbabu Gunukula, Oracle ACE
https://oracleracexpert.com