Connections to Existing TLS-Configured OVD 11g Listener Fails (e.g., SSL Handshake Failed / Failure) or Hangs If MS KB3161639 Update Patch is Applied on the Clients
Last updated on MARCH 08, 2017
Applies to:Oracle Virtual Directory - Version 220.127.116.11.0 and later
Information in this document applies to any platform.
With Microsoft (MS) security update KB3161639 applied on the client side only, which adds two new cipher suites (TLS_DHE_RSA_WITH_AES_128_CBC_SHA and TLS_DHE_RSA_WITH_AES_256_CBC_SHA), the secure ldap connection to the OVD existing TLS-configured listener server stops working.
The applications cannot connect to OVD using secure ldap. Secure ldap connections to other LDAP servers work, but fails to OVD.
The client connections hang and/or fails with SSL handshake failed. A tcpdump from a packet trace capture may show "Handshake Failure".
Workaround: Back out of the MS KB 3161639 update on the clients.
Sign In with your My Oracle Support account
Don't have a My Oracle Support account? Click to get started
My Oracle Support provides customers with access to over a
Million Knowledge Articles and hundreds of Community platforms