SSL connection from WebLogic to LDAP reports: javax.net.ssl.SSLHandshakeException: Unsupported curveId: 21
Last updated on APRIL 13, 2017
Applies to: Java SE JDK and JRE - Version 8 and later
Information in this document applies to any platform.
When attempting to use an SSL connection from WebLogic servers to LDAP, the following error occurs:
javax.net.ssl.SSLHandshakeException: Unsupported curveId: 21
From the weblogic.log_jdk1.8.0_121 log file:
The handshake message for ServerKeyExchange looks like this:
0c 00 01 41 03 00 15 39 04 92 0c 11 14 6b 88 5a
3f 52 19 25 c4 5e 75 6e 10 b5 a9 0b d1 c9 a9 54
This can be analyzed, using RFC 5246 and RFC 4492 as references. In this case:
0c: this is a ServerKeyExchange message (described in section 5.4 of RFC 4492)
00 01 41: of length 0x000141 bytes (321 bytes)
03: the curve type is "named_curve"
00 15: the curve is secp224r1 (curve identifiers are in section 5.1.1; identifier 0x0015 is 21 in decimal).
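The byte-by-byte reading above can be reproduced with a short parser. This is an added example, not part of the original note; the names parse_server_key_exchange, DUMP, NAMED_CURVES and CURVE_TYPES are assumptions made for illustration, and the code goes one step beyond the note by also reading the EC point length byte that follows the curve identifier.

```python
# Added example: decode the start of a TLS ServerKeyExchange message
# (handshake header per RFC 5246, ECParameters per RFC 4492 section 5.4).

# NamedCurve identifiers 1..25 from RFC 4492 section 5.1.1.
NAMED_CURVES = dict(enumerate(
    "sect163k1 sect163r1 sect163r2 sect193r1 sect193r2 sect233k1 sect233r1 "
    "sect239k1 sect283k1 sect283r1 sect409k1 sect409r1 sect571k1 sect571r1 "
    "secp160k1 secp160r1 secp160r2 secp192k1 secp192r1 secp224k1 secp224r1 "
    "secp256k1 secp256r1 secp384r1 secp521r1".split(), start=1))

# ECCurveType values from RFC 4492 section 5.4.
CURVE_TYPES = {1: "explicit_prime", 2: "explicit_char2", 3: "named_curve"}

# The 32 bytes shown in the log excerpt above (the message is cut off there).
DUMP = """
0c 00 01 41 03 00 15 39 04 92 0c 11 14 6b 88 5a
3f 52 19 25 c4 5e 75 6e 10 b5 a9 0b d1 c9 a9 54
"""

def parse_server_key_exchange(hexdump):
    """Return the header fields of an ECDHE ServerKeyExchange as a dict."""
    data = bytes.fromhex("".join(hexdump.split()))
    if len(data) < 5:
        raise ValueError("too short for a handshake header and curve type")
    if data[0] != 0x0C:
        raise ValueError(f"handshake type {data[0]} is not server_key_exchange (12)")
    info = {
        "length": int.from_bytes(data[1:4], "big"),        # 3-byte body length
        "curve_type": CURVE_TYPES.get(data[4], f"unknown({data[4]})"),
    }
    if data[4] != 3:
        return info            # explicit curve parameters are not decoded here
    if len(data) < 8:
        raise ValueError("truncated before the curve id and point length")
    curve_id = int.from_bytes(data[5:7], "big")            # 2-byte NamedCurve
    info["curve_id"] = curve_id
    info["curve_name"] = NAMED_CURVES.get(curve_id, "unknown")
    info["point_length"] = data[7]                         # 1-byte ECPoint length
    # A dump may stop before the full point; report how much of it is present.
    info["point_bytes_present"] = min(len(data) - 8, data[7])
    info["point_uncompressed"] = len(data) > 8 and data[8] == 0x04
    return info

if __name__ == "__main__":
    for field, value in parse_server_key_exchange(DUMP).items():
        print(f"{field}: {value}")
```

The point length of 57 bytes is one format byte plus two 28-byte coordinates, which is what a 224-bit curve produces and agrees with the curve identifier.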
Java upgrade to 8U121 from 8U112