Re: Advanced Security and SSL

From: Jason Heinrich <jheinrichdba_at_gmail.com>
Date: Wed, 26 Sep 2007 13:35:14 -0500
Message-ID: <b32e774d0709261135j27addf8erb744e4958198fe8f@mail.gmail.com>


So has anybody seen this error before? Upgrading the client to 10.2.0.3 didn't help (though I didn't expect it to).

On 9/21/07, Jason Heinrich <jheinrichdba_at_gmail.com> wrote:
>
> List,
> I'm attempting to set up SSL connectivity to a test database (10.2.0.1 on
> AIX 5.3), but I keep getting an error on the client (10.2.0.1 on Windows
> XP): ORA-28860: Fatal SSL error.
>
> I've checked the sqlnet.ora files to make sure they match, and I've
> checked the wallets to make sure the trusted certificate on the client
> matches the signer for the server certificate. A client trace didn't give
> any useful information, but a trace of the listener on the server revealed
> this:
> ntzdosecneg: SSL handshake failed with error 29024
>
> Of course, useful information about these errors seems sparse. If that's
> an ORA error, then it would refer to a "Certificate validation failure",
> which doesn't make sense because the client shouldn't be sending a
> certificate to the server. I've included relevant portions of config files
> below for reference:
>
> Client sqlnet.ora:
> SSL_VERSION = 3.0
> SSL_CLIENT_AUTHENTICATION = FALSE
> SSL_SERVER_DN_MATCH = No
> SSL_CIPHER_SUITES=(SSL_RSA_WITH_AES_256_CBC_SHA,
> SSL_RSA_WITH_AES_128_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA)
>
> Server sqlnet.ora:
> TCP.VALIDNODE_CHECKING=YES
> TCP.INVITED_NODES=(<list of ip addresses, including the client>)
> SSL_CIPHER_SUITES=(SSL_RSA_WITH_AES_256_CBC_SHA,
> SSL_RSA_WITH_AES_128_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA)
> SSL_VERSION=3.0
> SSL_CLIENT_AUTHENTICATION=FALSE
>
> TCPS is set as the protocol in the server's listener.ora and client's
> tnsnames.ora. Interestingly enough, I have no trouble connecting to the
> database via TCPS while on the server. Any ideas?
>
>

-- 
Jason Heinrich
Oracle Developer/DBA

--
http://www.freelists.org/webpage/oracle-l
Received on Wed Sep 26 2007 - 13:35:14 CDT
