After Applying October 2018 CPU/PSU, Auto-Login Wallet Stops Working For TDE With FIPS Mode Enabled
(Doc ID 2474806.1)
Last updated on SEPTEMBER 14, 2021
Applies to:Advanced Networking Option - Version 220.127.116.11 to 18.104.22.168 [Release 11.2]
Information in this document applies to any platform.
After applying the October 2018 Critical Patch Update to 22.214.171.124, the auto-login wallet (cwallet.sso) stops working, and the database can no longer automatically open the encryption (TDE) wallet. As a result, the database hits "ORA-28365: wallet is not open" errors. Often times, the alert log contains messages such as "kcbztek_get_tbskey: decrypting encrypted key for tablespace 1 without opening the wallet".
The errors stop if the encryption (TDE) wallet is manually opened; however, this does not address the underlying issue with the auto-login wallet.
Rolling back the October 2018 CPU/PSU, or disabling FIPS mode operation, allows the database to once again open the encryption wallet automatically.
The October 2018 PSU was applied to Oracle Database 126.96.36.199, and Transparent Data Encryption (TDE) was previously implemented.
To view full details, sign in with your My Oracle Support account.
Don't have a My Oracle Support account? Click to get started!
In this Document