How to Restrict the Lsnrctl Utility to Communicate with the Listener Using ONLY the TCPS Protocol (Doc ID 2280787.1)

Last updated on JULY 03, 2017

Applies to:

Oracle Net Services - Version 12.1.0.1 and later
Information in this document applies to any platform.
This document is limited in scope to a scenario where the following listener.ora file parameter is set: TCPS: SECURE_CONTROL_=(TCPS). This setting would restrict communication between the lsnrctl utility and the listener process to use ONLY the secure protocol TCPS.

Symptoms

Following the addition of the following listener.ora file parameter, the lsnrctl utility can no longer issues administrative commands against
the listener process.

Listener.ora file has been modified to use:

SECURE_CONTROL_listener name=(TCPS)

Lsnrctl stop/status/services may yield the following errors:

$ lsnrctl stop LISTENER

LSNRCTL for Solaris: Version 12.1.0.2.0 - Production on 17-MAY-2017 13:50:42

Copyright (c) 1991, 2014, Oracle. All rights reserved.

Connecting to (DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=myhost)(PORT=1521))) TNS-12564: TNS:connection refused <<<<<refused due to parameter SECURE_CONTROL_LISTENER=TCPS TNS-01194: The listener command did not arrive in a secure transport Connecting to (DESCRIPTION=(ADDRESS=(PROTOCOL=TCPS)(HOST=myhost)(PORT=1522))) ORA-28759: failure to open file TNS-12560: TNS:protocol adapter error TNS-00540: SSL protocol adapter failure

Changes

 The listener.ora file setting for SECURE_CONTROL_listener name may have been added recently or it has been changed to use SSL or the TCPS recently.

Cause

Sign In with your My Oracle Support account

Don't have a My Oracle Support account? Click to get started

My Oracle Support provides customers with access to over a
Million Knowledge Articles and hundreds of Community platforms