0

I have an Oracle Database 12.1 server running on Oracle Linux 6.

Secure (TLS) connections were working fine until I decided to update the underlying operating system (yum update) and reboot the server. A total of 62 packages were updated (yum update log) including the kernel and OpenSSL.

Now, secure connections, from the JDBC clients and from SQL*Plus fails with handshake_failure or ORA-28860.

I have a verbose TLSv1.2 log from my JDBC client but I can't figure out what is wrong with the TLS connection.

listener.ora and sqlnet.ora

sqlnet.ora and listener.ora do not contain SSL_CIPHER_SUITES

I am sure that nothing was changed or updated on the client (either JDBC or SQL*Plus). Few minutes before the upgrade/reboot, there was no problem establishing the TLS connection.

The server runs Oracle 12.1.0.1. The TLS connection issue occurs with all tested clients which previously succeeded in establishing a secure connection:

  • ojdbc8.jar 12.2.0.1
  • ojdbc7.jar 12.1.0.2
  • SQL*Plus 12.1.0.2.0.

The SQL*Plus trace file contains an ORA-28862 ("peer closed the connection") which may be more specific than the previous ORA-28860. I will try to get the same trace file on the server side.

Paul White
95.4k30 gold badges440 silver badges689 bronze badges
asked Feb 16, 2018 at 10:09
0

1 Answer 1

1

Restarting the listener solved the issue... I can't understand what happened, as the listener was already restarted during the server reboot.

I should have tried that before.

Thanks to everyone who has taken time to help.

answered Feb 21, 2018 at 16:56

Your Answer

Draft saved
Draft discarded

Sign up or log in

Sign up using Google
Sign up using Email and Password

Post as a guest

Required, but never shown

Post as a guest

Required, but never shown

By clicking "Post Your Answer", you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.