How to Restrict the Lsnrctl Utility to Communicate with the Listener Using ONLY the TCPS Protocol
(Doc ID 2280787.1)
Last updated on FEBRUARY 05, 2020
Applies to:Oracle Net Services - Version 18.104.22.168 and later
Advanced Networking Option - Version 22.214.171.124 and later
Oracle Database - Enterprise Edition - Version 126.96.36.199 and later
Information in this document applies to any platform.
This document is limited in scope to a scenario where the following listener.ora file parameter is set: TCPS: SECURE_CONTROL_
Following the addition of the following listener.ora file parameter, the lsnrctl utility can no longer issues administrative commands against the listener process.
Listener.ora file has been modified to use:
Lsnrctl stop/status/services may yield the following errors:
$ lsnrctl stop LISTENER
LSNRCTL for Solaris: Version 188.8.131.52.0 - Production on 17-MAY-2017 13:50:42
Copyright (c) 1991, 2014, Oracle. All rights reserved.
Connecting to (DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=<hostname>)(PORT=<TCP_port>)))
TNS-12564: TNS:connection refused <<<<<refused due to parameter SECURE_CONTROL_LISTENER=TCPS
TNS-01194: The listener command did not arrive in a secure transport
Connecting to (DESCRIPTION=(ADDRESS=(PROTOCOL=TCPS)(HOST=<hostname>)(PORT=<SSL_port>)))
ORA-28759: failure to open file
TNS-12560: TNS:protocol adapter error
TNS-00540: SSL protocol adapter failure
The listener.ora file setting for SECURE_CONTROL_listener name may have been added recently or it has been changed to use SSL or the TCPS recently.
To view full details, sign in with your My Oracle Support account.
Don't have a My Oracle Support account? Click to get started!
In this Document