SSL connection from WebLogic to LDAP reports: javax.net.ssl.SSLHandshakeException: Unsupported curveId: 21
(Doc ID 2254744.1)
Last updated on FEBRUARY 03, 2019
Applies to: Java SE JDK and JRE - Version 8 and later
Information in this document applies to any platform.
When attempting to use an SSL connection from WebLogic servers to LDAP, the following error occurs:
javax.net.ssl.SSLHandshakeException: Unsupported curveId: 21
From the weblogic.log_jdk1.8.0_121 log file:
The handshake message for ServerKeyExchange looks like this:
0c 00 01 41 03 00 15 39 04 92 0c 11 14 6b 88 5a
3f 52 19 25 c4 5e 75 6e 10 b5 a9 0b d1 c9 a9 54
This can be analyzed using RFC 5246 and RFC 4492 as references. In this case:
0c: this is a ServerKeyExchange message (described in section 5.4 of RFC 4492)
00 01 41: of length 0x000141 bytes (321 bytes)
03: the curve type is "named_curve"
00 15: the curve is secp224r1 (curve identifiers are in section 5.1.1; identifier 0x0015 is 21 in decimal).
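The walk-through above, as an added Python example (not part of the original document): it decodes the ServerKeyExchange header from the quoted dump and goes two bytes further than the text, reading the EC point length and format byte defined in RFC 4492. The function name `parse_ecdhe_ske` and the subset of curves in the table are choices made for this example.

```python
# Subset of NamedCurve identifiers from RFC 4492 section 5.1.1.
NAMED_CURVES = {
    19: "secp192r1", 20: "secp224k1", 21: "secp224r1", 22: "secp256k1",
    23: "secp256r1", 24: "secp384r1", 25: "secp521r1",
}
SERVER_KEY_EXCHANGE = 0x0C   # HandshakeType server_key_exchange (RFC 5246)
NAMED_CURVE = 0x03           # ECCurveType named_curve (RFC 4492)

# First 32 bytes of the ServerKeyExchange message quoted in the document.
PAGE_DUMP = """
0c 00 01 41 03 00 15 39 04 92 0c 11 14 6b 88 5a
3f 52 19 25 c4 5e 75 6e 10 b5 a9 0b d1 c9 a9 54
"""

def parse_ecdhe_ske(hex_dump):
    """Decode the fixed header of an ECDHE ServerKeyExchange from a hex dump.

    Debug logs usually show only the start of the message, so only the
    header is required; the EC point is reported as far as it is present.
    """
    data = bytes.fromhex("".join(hex_dump.split()))
    if len(data) < 8:
        raise ValueError("need at least 8 bytes of handshake data")
    if data[0] != SERVER_KEY_EXCHANGE:
        raise ValueError("not a ServerKeyExchange: type 0x%02x" % data[0])
    body_len = int.from_bytes(data[1:4], "big")       # 24-bit length field
    if data[4] != NAMED_CURVE:
        raise ValueError("curve type %d is not named_curve" % data[4])
    curve_id = int.from_bytes(data[5:7], "big")       # 16-bit NamedCurve
    point_len = data[7]                               # ECPoint length prefix
    point = data[8:8 + point_len]
    return {
        "body_length": body_len,
        "curve_id": curve_id,
        "curve_name": NAMED_CURVES.get(curve_id, "unknown"),
        "point_length": point_len,
        "point_format": point[0] if point else None,  # 4 = uncompressed
        "point_bytes_present": len(point),
        "truncated": len(data) < 4 + body_len,
    }

if __name__ == "__main__":
    for key, value in parse_ecdhe_ske(PAGE_DUMP).items():
        print(key, "=", value)
```

The point length 0x39 (57 bytes) is what an uncompressed secp224r1 point occupies: one format byte plus two 28-byte coordinates, which agrees with the curve identifier.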
Java upgrade to 8U121 from 8U112