Unable To Negotiate SSLv3 On MS Windows 2008 Client To OID Server. OID 10g Log Error: SSL Hand Shake failed ... NZerr 29048 / OID 10.1.4.3.0 Log Error: SSL Hand Shake failed ... NZerr 29014
(Doc ID 1075004.1)
Last updated on JUNE 25, 2018
Applies to:Oracle Internet Directory - Version 10.1.2 to 10.1.4 [Release 10gR2 to 10gR3]
Information in this document applies to any platform.
Can not successfully negotiate SSLv3 on Microsoft (MS) Windows 2008 client to Oracle Internet Directory (OID) 10g, i.e., 10.1.4.0.1 on Unix/Linux when the Windows cilent registry is set as follows:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 2.0\Client\DisabledByDefault = 1
Changing this value to 0 and negotiating then starts at SSLv2, then it successfully negotiates to SSLv3 and the connection works.
The $ORACLE_HOME/ldap/log/oidldapd01s<pid>.log OID server log shows error:
After upgrading OID to 10.1.4.3.0 Patchset, the OID log error changes to:
The OID server has also been verified to be properly configured with a new configset and ports using the ssl mode 2 (server authentication) or 3 (client/server authentication) ok (reference <Document 178714.1> Configuration and Test of OID with SSL.)
To view full details, sign in with your My Oracle Support account.
Don't have a My Oracle Support account? Click to get started!