My Oracle Support Banner

How to Restrict the Lsnrctl Utility to Communicate with the Listener Using ONLY the TCPS Protocol (Doc ID 2280787.1)

Last updated on MARCH 31, 2022

Applies to:

Oracle Net Services - Version and later
Advanced Networking Option - Version and later
Oracle Database - Enterprise Edition - Version and later
Information in this document applies to any platform.
This document is limited in scope to a scenario where the following listener.ora file parameter is set: TCPS: SECURE_CONTROL_=(TCPS). This setting would restrict communication between the lsnrctl utility and the listener process to use ONLY the secure protocol TCPS.


Following the addition of the following listener.ora file parameter, the lsnrctl utility can no longer issues administrative commands against the listener process.

Listener.ora file has been modified to use:

SECURE_CONTROL_listener name=(TCPS)

Lsnrctl stop/status/services may yield the following errors:

$ lsnrctl stop LISTENER

LSNRCTL for Solaris: Version - Production on 17-MAY-2017 13:50:42

Copyright (c) 1991, 2014, Oracle. All rights reserved.

Connecting to (DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=<hostname>)(PORT=<TCP_port>)))
 TNS-12564: TNS:connection refused                        <<<<<refused due to parameter SECURE_CONTROL_LISTENER=TCPS
 TNS-01194: The listener command did not arrive in a secure transport
Connecting to (DESCRIPTION=(ADDRESS=(PROTOCOL=TCPS)(HOST=<hostname>)(PORT=<SSL_port>)))
 ORA-28759: failure to open file
 TNS-12560: TNS:protocol adapter error
 TNS-00540: SSL protocol adapter failure


 The listener.ora file setting for SECURE_CONTROL_listener name may have been added recently or it has been changed to use SSL or the TCPS recently.


To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!

In this Document

My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.