So has anybody seen this error before? Upgrading the client to 10.2.0.3didn't help (though I didn't expect it to). On 9/21/07, Jason Heinrich <jheinrichdba@xxxxxxxxx> wrote: > > List, > I'm attempting to setup SSL connectivity to a test database (10.2.0.1 on > AIX 5.3), but I keep getting an error on the client ( 10.2.0.1 on Windows > XP): ORA-28860: Fatal SSL error. > > I've checked the sqlnet.ora files to make sure they match, and I've > checked the wallets to make sure the trusted certificate on the client > matches the signer for the server certificate. A client trace didn't give > any useful information, but a trace of the listener on the server revealed > this: > ntzdosecneg: SSL handshake failed with error 29024 > > Of course, useful information about these errors seems sparse. If that's > an ORA error, then it would refer to a "Certificate validation failure", > which doesn't make sense because the client shouldn't be sending a > certificate to the server. I've included relavent portions of config files > below for reference: > > Client sqlnet.ora: > SSL_VERSION = 3.0 > SSL_CLIENT_AUTHENTICATION = FALSE > SSL_SERVER_DN_MATCH = No > SSL_CIPHER_SUITES=(SSL_RSA_WITH_AES_256_CBC_SHA, > SSL_RSA_WITH_AES_128_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA) > > Server sqlnet.ora: > TCP.VALIDNODE_CHECKING=YES > TCP.INVITED_NODES=(<list of ip addresses, including the client>) > SSL_CIPHER_SUITES=(SSL_RSA_WITH_AES_256_CBC_SHA, > SSL_RSA_WITH_AES_128_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA) > SSL_VERSION=3.0 > SSL_CLIENT_AUTHENTICATION=FALSE > > TCPS is set as the protocol in the server's listener.ora and client's > tnsnames.ora. Interestingly enough, I have no trouble connecting to the > database via TCPS while on the server. Any ideas? > > -- Jason Heinrich Oracle Developer/DBA