After Disabling SSLv3 on the Remote LDAP Server and Applying Patch 19285025, DBMS_LDAP Still Fails: ORA-31202: DBMS_LDAP: LDAP client/server error: SSL handshake failed (Doc ID 2040297.1)

Last updated on JUNE 26, 2017

Applies to:

Oracle Internet Directory - Version 11.1.1 and later
Information in this document applies to any platform.

Symptoms

Cannot bind from a client RDBMS (e.g., 12.1.0.1) to a third-party LDAP server using dbms_ldap.open_ssl after disabling SSLv3 on the LDAP server.

ERROR at line 1:
ORA-31202: DBMS_LDAP: LDAP client/server error: SSL handshake failed
ORA-06512: at "SYS.DBMS_SYS_ERROR", line 86
ORA-06512: at "SYS.DBMS_LDAP", line 1489
ORA-06512: at "SYS.DBMS_LDAP", line 1266
ORA-06512: at line 15

  
Using sample code from <Document 263700.1> returns:

DBMS_LDAP Search Example to directory ..
LDAP Host                : myldapserver.mycompany.com
LDAP Port                : 636
Error code : -31202
Error Message : ORA-31202: DBMS_LDAP: LDAP client/server error: SSL handshake failed
Exception encountered .. exiting

Also unable to ldapbind to the backend LDAP:

# With SSLv3 Off:
> ldapbind -D "cn=user,OU=myou,,DC=mycompany,DC=com" -w XXXX -h <host> -p 636 -W "file:/u01/product/wallets/ldap" -P XXXX -U 2
sgslufread: Hard error on read, OS error = 104

# With SSLv3 On:
> ldapbind -D "cn=user,OU=myou,,DC=mycompany,DC=com" -w XXXX -h <host> -p 636 -W "file:/u01/product/wallets/ldap" -P XXXX -U 2
bind successful

 

In some cases, Patch 19285025 has already been applied.

Changes

Disabled SSLv3 in order to require dbms_ldap to use TLS instead.

Cause
