My Oracle Support Banner

How To Investigate And Troubleshoot SSL/TLS Issues on the Database And Client SQL*Net Layer (Doc ID 2238096.1)

Last updated on MARCH 12, 2021

Applies to:

Advanced Networking Option - Version 9.2 to 12.2.0.1 [Release 9.2 to 12.2]
Information in this document applies to any platform.

Purpose

 This note is a step by step guide to troubleshoot the most known SSL/TLS errors. 

Details

To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!


In this Document
Purpose
Details
 Troubleshooting steps 
  2) Verify the listener.ora and sqlnet.ora files on the database server
 3) Verify the permissions of the wallet files
 4) Check the SSL_VERSION 
 5) Enable sqlnet tracing for the listener and sqlplus connections.
 6) Use openssl to verify the TLS protocol,cipher suites and the certificates:
 7) Generate a tcpdump
 8) Get a trace for the event 10937  for utl_http service:
 
 9)  Verify the patching version
 Known issues
 TNS:protocol adapter error (ORA-12560)
  ORA-29024:Certificate Validation Failure
 ORA-29143: Message 29143 not found
 ORA-29106: Can not import PKCS # 12 wallet
 ORA-28860: Fatal SSL error
 ORA-29263: HTTP protocol error
  After COST is implemented the services do NOT register with the SCAN listeners.
 ORA-29259: end-of-input reached
 ORA-28750: unknown error
 ORA-28857: Unknown SSL Error
 ORA-31202: DBMS_LDAP: LDAP client/server error: Unable to open wallet
 ORA-28756: CALLBACK FAILURE TO ALLOCATE MEMORY
 ORA-28864: SSL connection closed gracefully
References

My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.