Connections to Existing TLS-Configured OVD 11g Listener Fails (e.g., SSL Handshake Failed / Failure) or Hangs If MS KB3161639 Update Patch is Applied on the Clients (Doc ID 2184219.1)

Last updated on MARCH 08, 2017

Applies to:

Oracle Virtual Directory - Version 11.1.1.7.0 and later
Information in this document applies to any platform.

Symptoms

With Microsoft (MS) security update KB3161639, which adds two new cipher suites (TLS_DHE_RSA_WITH_AES_128_CBC_SHA and TLS_DHE_RSA_WITH_AES_256_CBC_SHA), applied on the client side only, secure LDAP connections to the existing TLS-configured OVD listener stop working.

Applications cannot connect to OVD using secure LDAP. Secure LDAP connections to other LDAP servers work, but connections to OVD fail.

The client connections hang and/or fail with "SSL handshake failed". A tcpdump packet capture may show "Handshake Failure".

Workaround: Back out the MS KB3161639 update on the clients.

Changes

 

Cause
