I have an Oracle Database 12.1 server running on Oracle Linux 6.
Secure (TLS) connections were working fine until I decided to update the underlying operating system (yum update) and reboot the server. A total of 62 packages were updated (yum update log) including the kernel and OpenSSL.
Now, secure connections, from the JDBC clients and from SQL*Plus fails with handshake_failure or ORA-28860.
I have a verbose TLSv1.2 log from my JDBC client but I can't figure out what is wrong with the TLS connection.
sqlnet.ora and listener.ora do not contain SSL_CIPHER_SUITES
I am sure that nothing was changed or updated on the client (either JDBC or SQL*Plus). Few minutes before the upgrade/reboot, there was no problem establishing the TLS connection.
The server runs Oracle 12.1.0.1. The TLS connection issue occurs with all tested clients which previously succeeded in establishing a secure connection:
- ojdbc8.jar 12.2.0.1
- ojdbc7.jar 12.1.0.2
- SQL*Plus 12.1.0.2.0.
The SQL*Plus trace file contains an ORA-28862 ("peer closed the connection") which may be more specific than the previous ORA-28860. I will try to get the same trace file on the server side.
Best Answer
Restarting the listener solved the issue... I can't understand what happened, as the listener was already restarted during the server reboot.
I should have tried that before.
Thanks to everyone who has taken time to help.