Forum Stats

  • 3,839,357 Users
  • 2,262,486 Discussions


"ORA-28860: Fatal SSL error" When Running UTL_HTTP with TLS v1.2 on Oracle

We are trying to use the UTL_HTTP package in Oracle Database and getting an error:

SQL> @/tmp/teste.sql



ERROR at line 1:

ORA-29273: HTTP request failed

ORA-06512: at "SYS.UTL_HTTP", line 1130

ORA-28860: Fatal SSL error

ORA-06512: at line 12

We created the wallet and imported the certificate:

mkdir -p $ORACLE_BASE/admin/$ORACLE_SID/wallet

orapki wallet create -wallet $ORACLE_BASE/admin/$ORACLE_SID/wallet -pwd <password>

orapki wallet add -wallet $ORACLE_BASE/admin/$ORACLE_SID/wallet -trusted_cert -pwd <password> -cert cert_cloud.crt

The content of the script:



http_req utl_http.req;

http_resp utl_http.resp;

-- Variaveis do perfil

w_pathWallet VARCHAR2(500) := 'file:$ORACLE_BASE/admin/$ORACLE_SID/wallet';

w_pwdWallet VARCHAR2(500) := '<password>';


Utl_Http.Set_Wallet(w_pathWallet, w_pwdWallet);


http_req := utl_http.begin_request( '<https webservice address>'

, 'POST'

, 'HTTP/1.1');

utl_http.set_authentication (http_req, '00454733','IC3R8T');

utl_http.set_header(http_req, 'Content-Type', 'application/xml; charset=utf-8');

http_resp := UTL_HTTP.get_response(http_req);

dbms_output.put_line('HTTP response status code: ' || http_resp.status_code);

dbms_output.put_line('HTTP response reason phrase: ' || http_resp.reason_phrase);




The same script successfully runs on databases 12cR2 and 19c.

We did some test monitoring with tcpdump and it seems to be some error in the handshake phase. The successful test on 12cR2 uses TLS v1.2, while the test with error on 11gR2 returns an error showing TLS v1.0

According to the notes we analyzed in the knowledge base, TLS v1.2 should be supported in Oracle Database as long as the last PSU is applied (in this case we have PSU APR/2021).

Would be unsupported working with TLS v1.2?

Does anyone have any suggestions for further investigation beyond the one mentioned?

Does anyone use UTL_HTTP on Oracle with TLS v1.2?


  • Jason_(A_Non)
    Jason_(A_Non) Member Posts: 2,106 Silver Trophy

    I have a client that is still using and back in 2018 we added in support for a remote HTTPS call using TLS v1.2. At that point in time, the MESv405 / MESv415 was still a separate one-off patch for I had the appropriate patch applied (patch 24975424) after having SR discussions with Oracle Support staff. It is still working today, though I've lost track of what PSU that RAC DB is up to. It is currently scheduled for migration to 19c later this year.

    Not the answer you were looking for but proof that you can use for TLS v1.2 HTTPS connections.