Datatombraider's Blog



Filed under: Oracle — datatombraider @ 19:31

The Advanced Security Option, an option with costs of course, has the nice feature to secure database connections using SSL (authentication and encryption). Unfortunately TLS does not work ( 64bit on RHEL5). if you select TLS in NETMGR, it inserts ssl_version=3.1 in sqlnet.ora but SQL*Net has some problems with it. All connections fail with ‘ORA-12560: TNS:protocol adapter error’ which doesn’t say much.

sqlnet.log has some more details:

TNS for Linux: Version – Production
Time: 29-JAN-2011 15:57:53
Tracing to file: ^D<9B><9B>
Tns error struct:
ns main err code: 12560

TNS-12560: TNS:protocol adapter error
ns secondary err code: 0
nt main err code: 549

TNS-00549: value specified for the SSL version is not valid
nt secondary err code: 0
nt OS err code: 0

note the tracefile name, looks like uninitialized memory to me but that’s not important for now. basically the ssl version is not valid.

the trace file (level=support) has some more funny information:

2011-01-29 15:57:53.857338 : ntzGetStringParameter:found value for “ssl_version” configuration parameter: “3.1”
2011-01-29 15:57:53.857356 : ntzGetStringParameter:exit
2011-01-29 15:57:53.857373 : ntzConvertToNumeric:entry
2011-01-29 15:57:53.857400 : ntzConvertToNumeric:value specified for SSL client authentication (“3.1”) is not boolean
2011-01-29 15:57:53.857427 : ntzConvertToNumeric:failed with error 549

it seems only numeric values are allowed and because NETMGR put ‘3.1’ in it, the parser gets confused (i didn’t configure ssl_client_authentication at all). the workaround is not to specify ssl_version but the ssl_ciphers used by TLS, for instance


After making the changes on client and server, i can establish ssl-connections using TLS ciphers.

It’s actually a known problem (Bug 9682150: SSL_VERSION=3.1 IS CAUSING ORA-12560 IN SSL AUTHENTICATION), opened 4-May-2010 but still not fixed, which is a shame.


Leave a Comment »

No comments yet.

RSS feed for comments on this post. TrackBack URI

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

Blog at