
Connections to Existing TLS-Configured OVD 11g Listener Fails (e.g., SSL Handshake Failed / Failure) or Hangs If MS KB3161639 Update Patch is Applied on the Clients (Doc ID 2184219.1)

Last updated on MARCH 15, 2019

Applies to:

Oracle Virtual Directory - Version and later
Information in this document applies to any platform.


When Microsoft (MS) security update KB3161639, which adds two new cipher suites (TLS_DHE_RSA_WITH_AES_128_CBC_SHA and TLS_DHE_RSA_WITH_AES_256_CBC_SHA), is applied on the client side only, secure LDAP connections to an existing TLS-configured OVD listener stop working.

Applications cannot connect to OVD using secure LDAP. Secure LDAP connections to other LDAP servers work, but connections to OVD fail.

Client connections hang and/or fail with "SSL handshake failed". A packet capture taken with tcpdump may show "Handshake Failure".
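
To confirm this symptom in a capture, check that the client's ClientHello offers the two suites named above and that the listener answers with a handshake_failure alert. The following is an added example, not part of the Oracle document; the function names and sample bytes are constructed, and it assumes each direction of the TCP stream has already been reassembled into raw bytes.

```python
import struct

# IANA code points for the two cipher suites the update adds (named above).
DHE_SUITES = {
    0x0033: "TLS_DHE_RSA_WITH_AES_128_CBC_SHA",
    0x0039: "TLS_DHE_RSA_WITH_AES_256_CBC_SHA",
}
HANDSHAKE, ALERT, CLIENT_HELLO, HANDSHAKE_FAILURE = 22, 21, 1, 40

def records(stream):
    """Yield (content_type, payload) for each complete TLS record."""
    pos = 0
    while pos + 5 <= len(stream):
        ctype, _version, length = struct.unpack_from("!BHH", stream, pos)
        payload = stream[pos + 5 : pos + 5 + length]
        if len(payload) < length:
            break  # truncated capture: stop instead of misparsing
        yield ctype, payload
        pos += 5 + length

def offered_dhe_suites(client_bytes):
    """Names of the two DHE suites offered in the first ClientHello, if any."""
    for ctype, p in records(client_bytes):
        if ctype != HANDSHAKE or len(p) < 39 or p[0] != CLIENT_HELLO:
            continue
        pos = 4 + 2 + 32          # handshake header, client_version, random
        pos += 1 + p[pos]         # skip session_id
        (n,) = struct.unpack_from("!H", p, pos)
        suites = struct.unpack_from("!%dH" % (n // 2), p, pos + 2)
        return [DHE_SUITES[s] for s in suites if s in DHE_SUITES]
    return []

def server_sent_handshake_failure(server_bytes):
    """True if the server stream contains a handshake_failure (40) alert."""
    return any(ctype == ALERT and len(p) == 2 and p[1] == HANDSHAKE_FAILURE
               for ctype, p in records(server_bytes))

def sample_client_hello(suites):
    """Build a minimal ClientHello record (constructed test input)."""
    body = b"\x03\x03" + bytes(32) + b"\x00" + struct.pack("!H", 2 * len(suites))
    body += b"".join(struct.pack("!H", s) for s in suites) + b"\x01\x00"
    hs = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + struct.pack("!H", len(hs)) + hs

# Constructed samples: a patched client's offer and a fatal alert reply.
SAMPLE_CLIENT = sample_client_hello([0xC02F, 0x0033, 0x0039, 0x002F])
SAMPLE_SERVER = b"\x15\x03\x03\x00\x02\x02\x28"
```

If both checks are positive for the OVD listener while the same client completes the handshake against other LDAP servers, the capture matches the behaviour described here.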

Workaround: Back out the MS KB3161639 update on the clients.

