How to Restrict the Lsnrctl Utility to Communicate with the Listener Using ONLY the TCPS Protocol
(Doc ID 2280787.1)
Last updated on MARCH 31, 2022
Applies to:
Oracle Net Services - Version 12.1.0.1 and laterAdvanced Networking Option - Version 12.1.0.1 and later
Oracle Database - Enterprise Edition - Version 12.1.0.1 and later
Information in this document applies to any platform.
This document is limited in scope to a scenario where the following listener.ora file parameter is set: TCPS: SECURE_CONTROL_
Symptoms
Following the addition of the following listener.ora file parameter, the lsnrctl utility can no longer issues administrative commands against the listener process.
Listener.ora file has been modified to use:
SECURE_CONTROL_listener name=(TCPS)
Lsnrctl stop/status/services may yield the following errors:
$ lsnrctl stop LISTENER
LSNRCTL for Solaris: Version 12.1.0.2.0 - Production on 17-MAY-2017 13:50:42
Copyright (c) 1991, 2014, Oracle. All rights reserved.
Connecting to (DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=<hostname>)(PORT=<TCP_port>)))
TNS-12564: TNS:connection refused <<<<<refused due to parameter SECURE_CONTROL_LISTENER=TCPS
TNS-01194: The listener command did not arrive in a secure transport
Connecting to (DESCRIPTION=(ADDRESS=(PROTOCOL=TCPS)(HOST=<hostname>)(PORT=<SSL_port>)))
ORA-28759: failure to open file
TNS-12560: TNS:protocol adapter error
TNS-00540: SSL protocol adapter failure
Changes
The listener.ora file setting for SECURE_CONTROL_listener name may have been added recently or it has been changed to use SSL or the TCPS recently.
Cause
To view full details, sign in with your My Oracle Support account. |
|
Don't have a My Oracle Support account? Click to get started! |
In this Document
| Symptoms |
| Changes |
| Cause |
| Solution |
| References |