My Oracle Support Banner

Connections to Existing TLS-Configured OVD 11g Listener Fails (e.g., SSL Handshake Failed / Failure) or Hangs If MS KB3161639 Update Patch is Applied on the Clients (Doc ID 2184219.1)

Last updated on MARCH 08, 2017

Applies to:

Oracle Virtual Directory - Version 11.1.1.7.0 and later
Information in this document applies to any platform.

Symptoms

With Microsoft (MS) security update KB3161639 applied on the client side only, which adds two new cipher suites (TLS_DHE_RSA_WITH_AES_128_CBC_SHA and TLS_DHE_RSA_WITH_AES_256_CBC_SHA), the secure ldap connection to the OVD existing TLS-configured listener server stops working.

The applications cannot connect to OVD using secure ldap. Secure ldap connections to other LDAP servers work, but fails to OVD.

The client connections hang and/or fails with SSL handshake failed. A tcpdump from a packet trace capture may show "Handshake Failure".

Workaround: Back out of the MS KB 3161639 update on the clients.

Changes

 

Cause

To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!


In this Document
Symptoms
Changes
Cause
Solution
References


This document is being delivered to you via Oracle Support's Rapid Visibility (RaV) process and therefore has not been subject to an independent technical review.
My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.