My Oracle Support Banner

Java SE 7 SSL Connections Generate "SSLException: Received fatal alert: illegal_parameter" (Doc ID 1598639.1)

Last updated on APRIL 09, 2017

Applies to:

Java SE JDK and JRE - Version 7 and later
Information in this document applies to any platform.


After upgrading to Java SE 7, LDAP SSL Mode 2 connections fail with the following error:

----------------------- Received fatal alert:illegal_parameter



Upgrading to Java SE 7.  Java SE 7 adds Elliptic Curve Cryptography (ECC) Extensions and Server Name Indication (SNI) Extensions.  These are explained in the Java 7 Security Enhancements documentation

To examine what is happening when Java makes a network connection, you can add the following flag to your list of JVM invocation options:  Here you can see ECC Extensions are enabled on this Java process attempting to connect to a C server via LDAP SSL Mode 2 Protocol with the resulting error:

Extension elliptic_curves, curve names: {secp256r1, sect163k1, sect163r2, secp192r1, secp224r1, sect233k1, sect233r1, sect283k1, sect283r1, secp384r1, sect409k1, sect409r1, secp521r1, sect571k1, sect571r1, secp160k1, secp160r1, secp160r2, sect163r1, secp192k1, sect193r1, sect193r2, secp224k1, sect239k1, secp256k1}
Extension ec_point_formats, formats: [uncompressed]


Thread-0, handling exception: Received fatal alert: illegal_parameter
main, handling exception: Received fatal alert: illegal_parameter
javax.naming.CommunicationException: simple bind failed: <ip_address> [Root exception is Received fatal alert: illegal_parameter]
at com.sun.jndi.ldap.LdapClient.authenticate(


Caused by: Received fatal alert: illegal_parameter


To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!

In this Document

My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.