UTL_HTTP Fails To Access A Webservice From A 11g Database When The Target Host Has Disabled The SSL v3.0 Protocol (Doc ID 1996347.1)

Last updated on SEPTEMBER 11, 2020

Applies to:

Oracle Database - Standard Edition - Version 11.2.0.3 to 11.2.0.4 [Release 11.2]
Information in this document applies to any platform.

Symptoms

The attempt to access a webservice from a 11g database might fail with "ORA-28860: Fatal SSL error" or "ORA-29259: end-of-input reached" when SSL v3.0 has been disabled by the webservice.

The tcpdump on the outgoing interface on the database server shows that the 11.2 client sends TLSv1 in the client hello but the packet header uses SSLv3 for compatibility and this is rejected by the target server which has SSLv3 disabled:

Secure Sockets Layer
TLSv1 Record Layer: Handshake Protocol: Client Hello
Content Type: Handshake (22)
Version: SSL 3.0 (0x0300)==============================> SSL v3.0 protocol header
Length: 61
Handshake Protocol: Client Hello
Handshake Type: Client Hello (1)
Length: 57
Version: TLS 1.0 (0x0301)=============================> TLSv1 protocol client hello

There is no way to specify the protocol to be used in sqlnet.ora as the package UTL_HTTP is not using the database sqlnet.ora.

Changes

The remote web server has disabled ssl v3.0

Cause

	To view full details, sign in with your My Oracle Support account.
	Don't have a My Oracle Support account? Click to get started!

In this Document

My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.

UTL_HTTP Fails To Access A Webservice From A 11g Database When The Target Host Has Disabled The SSL v3.0 Protocol (Doc ID 1996347.1)

Applies to:

Symptoms

Changes

Cause

To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!