My Oracle Support Banner

Unable To Negotiate SSLv3 On MS Windows 2008 Client To OID Server. OID 10g Log Error: SSL Hand Shake failed ... NZerr 29048 / OID Log Error: SSL Hand Shake failed ... NZerr 29014 (Doc ID 1075004.1)

Last updated on FEBRUARY 25, 2019

Applies to:

Oracle Internet Directory - Version 10.1.2 to 10.1.4 [Release 10gR2 to 10gR3]
Information in this document applies to any platform.


Can not successfully negotiate SSLv3 on Microsoft (MS) Windows 2008 client to Oracle Internet Directory (OID) 10g, i.e., on Unix/Linux when the Windows cilent registry is set as follows:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 2.0\Client\DisabledByDefault = 1

Changing this value to 0 and negotiating then starts at SSLv2, then it successfully negotiates to SSLv3 and the connection works.

The $ORACLE_HOME/ldap/log/oidldapd01s<pid>.log OID server log shows error:

2010/02/25:13:23:07 * SSLthread:17 * ERROR * gslsflnNegotiateSSL * SSL Hand Shake failed                  Source address: <IP address>( * (NZerr 29048)

After upgrading OID to Patchset, the OID log error changes to:

SSLthread:18 * ERROR * gslsflnNegotiateSSL * SSL Hand Shake failed Source address: <IP address>( * (NZerr 29014)

The OID server has also been verified to be properly configured with a new configset and ports using the ssl mode 2 (server authentication) or 3 (client/server authentication) ok (reference <Document 178714.1> Configuration and Test of OID with SSL.)


To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!

In this Document

My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.