How To Investigate And Troubleshoot SSL/TLS Issues on the Database And Client SQL*Net Layer
(Doc ID 2238096.1)
Last updated on FEBRUARY 20, 2023
Applies to:
Advanced Networking Option - Version 9.2 to 12.2.0.1 [Release 9.2 to 12.2]Information in this document applies to any platform.
Purpose
This note is a step by step guide to troubleshoot the most known SSL/TLS errors.
Scope
Details
To view full details, sign in with your My Oracle Support account. |
|
Don't have a My Oracle Support account? Click to get started! |
In this Document
| Purpose |
| Scope |
| Details |
| Troubleshooting steps |
| 2) Verify the listener.ora and sqlnet.ora files on the database server |
| 3) Verify the permissions of the wallet files |
| 4) Check the SSL_VERSION |
| 5) Enable sqlnet tracing for the listener and sqlplus connections. |
| 6) Use openssl to verify the TLS protocol,cipher suites and the certificates: |
| 7) Generate a tcpdump |
| 8) Get a trace for the event 10937 for utl_http service: |
| 9) Verify the patching version |
| Known issues |
| TNS:protocol adapter error (ORA-12560) |
| ORA-29024:Certificate Validation Failure |
| ORA-29143: Message 29143 not found |
| ORA-29106: Can not import PKCS # 12 wallet |
| ORA-28860: Fatal SSL error |
| ORA-29263: HTTP protocol error |
| After COST is implemented the services do NOT register with the SCAN listeners. |
| ORA-29259: end-of-input reached |
| ORA-28750: unknown error |
| ORA-28857: Unknown SSL Error |
| ORA-31202: DBMS_LDAP: LDAP client/server error: Unable to open wallet |
| ORA-28756: CALLBACK FAILURE TO ALLOCATE MEMORY |
| ORA-28864: SSL connection closed gracefully |
| References |