Unable To Negotiate SSLv3 On MS Windows 2008 Client To OID Server. OID 10g Log Error: SSL Hand Shake failed ... NZerr 29048 / OID 10.1.4.3.0 Log Error: SSL Hand Shake failed ... NZerr 29014 (Doc ID 1075004.1)

Last updated on MARCH 08, 2017

Applies to:

Oracle Internet Directory - Version 10.1.2 to 10.1.4 [Release 10gR2 to 10gR3]
Information in this document applies to any platform.
***Checked for relevance on 06-Mar-2013***

Symptoms

Can not successfully negotiate SSLv3 on Microsoft (MS) Windows 2008 client to Oracle Internet Directory (OID) 10g, i.e., 10.1.4.0.1 on Unix/Linux when the Windows cilent registry is set as follows:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 2.0\Client\DisabledByDefault = 1

Changing this value to 0 and negotiating then starts at SSLv2, then it successfully negotiates to SSLv3 and the connection works.


The $ORACLE_HOME/ldap/log/oidldapd01s<pid>.log OID server log shows error:

2010/02/25:13:23:07 * SSLthread:17 * ERROR * gslsflnNegotiateSSL * SSL Hand Shake failed                  Source address: <IP address>(myclienthostname.mycompany.com) * (NZerr 29048)




After upgrading OID to 10.1.4.3.0 Patchset, the OID log error changes to:

SSLthread:18 * ERROR * gslsflnNegotiateSSL * SSL Hand Shake failed Source address: <IP address>(myclienthostname.mycompany.com) * (NZerr 29014)



The OID server has also been verified to be properly configured with a new configset and ports using the ssl mode 2 (server authentication) or 3 (client/server authentication) ok (reference <Document 178714.1> Configuration and Test of OID with SSL.)


Cause

Sign In with your My Oracle Support account

Don't have a My Oracle Support account? Click to get started

My Oracle Support provides customers with access to over a
Million Knowledge Articles and hundreds of Community platforms