After Disabling SSLv3 on the Remote LDAP Server and Applying Patch 19285025, DBMS_LDAP Still Fails: ORA-31202: DBMS_LDAP: LDAP client/server error: SSL handshake failed
(Doc ID 2040297.1)
Last updated on SEPTEMBER 06, 2023
Applies to:
Oracle Internet Directory - Version 11.1.1 and laterInformation in this document applies to any platform.
Symptoms
Cannot bind from client RDBMS, e.g., 12.1.0.1 to third party LDAP Sever using dbms_ldap.open_ssl after disabling SSLv3 on the LDAP server.
ORA-31202: DBMS_LDAP: LDAP client/server error: SSL handshake failed
ORA-06512: at "SYS.DBMS_SYS_ERROR", line 86
ORA-06512: at "SYS.DBMS_LDAP", line 1489
ORA-06512: at "SYS.DBMS_LDAP", line 1266
ORA-06512: at line 15
Using sample code from <Document 263700.1> returns:
LDAP Host : <HOSTNAME>
LDAP Port : <SSL PORT#>
Error code : -31202
Error Message : ORA-31202: DBMS_LDAP: LDAP client/server error: SSL handshake failed
Exception encountered .. exiting
Also unable to ldapbind to backend LDAP
# With SSLv3 Off:
> ldapbind -D "cn=<USER>,OU=<OU>,,DC=<COMPANY>,DC=com" -w XXXX -h <host> -p <SSL PORT#> -W "file:/u01/product/wallets/ldap" -P XXXX -U 2
sgslufread: Hard error on read, OS error = 104
# With SSLv3 On:
> ldapbind -D "cn=<USER>,OU=<OU>,,DC=<COMPANY>,DC=com" -w XXXX -h <host> -p <SSL PORT#> -W "file:/u01/product/wallets/ldap" -P XXXX -U 2
bind successful
In some cases, Patch 19285025
has already been applied.
Changes
Disabled sslV3 due to requiring dbms_ldap to use TLS instead.
Cause
To view full details, sign in with your My Oracle Support account. |
|
Don't have a My Oracle Support account? Click to get started! |
In this Document
| Symptoms |
| Changes |
| Cause |
| Solution |
| References |