SSL Connection from WebLogic to LDAP Throws: "javax.net.ssl.SSLHandshakeException: Unsupported curveId: 21" Error
(Doc ID 2254744.1)
Last updated on FEBRUARY 10, 2019
Applies to: Java SE JDK and JRE - Version 8 and later
Information in this document applies to any platform.
When attempting to establish an SSL connection from WebLogic servers to LDAP, the following error occurs:
javax.net.ssl.SSLHandshakeException: Unsupported curveId: 21
From the weblogic.log_jdk1.8.0_121 log file:
The ServerKeyExchange handshake message looks like this:
0c 00 01 41 03 00 15 39 04 92 0c 11 14 6b 88 5a
3f 52 19 25 c4 5e 75 6e 10 b5 a9 0b d1 c9 a9 54
This can be analyzed, using RFC 5246 and RFC 4492 as references. In this case:
0c: this is a ServerKeyExchange message (described in section 5.4 of RFC 4492)
00 01 41: of length 0x000141 bytes (321 bytes)
03: the curve type is "named_curve"
00 15: the curve is secp224r1 (curve identifiers are in section 5.1.1; identifier 0x0015 is 21 in decimal).
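The byte-by-byte decoding above, as an added example (not part of the original Oracle document): a small Python parser that reads the handshake header and ECDHE parameters of a ServerKeyExchange message and names the curve. The function name, the result keys and the reduced curve table are choices made for this example; the sample input is the 32 bytes quoted above, so the EC point is truncated and the parser reports that.

```python
import struct

# Subset of the NamedCurve registry in RFC 4492 section 5.1.1.
NAMED_CURVES = {19: "secp192r1", 20: "secp224k1", 21: "secp224r1",
                22: "secp256k1", 23: "secp256r1", 24: "secp384r1",
                25: "secp521r1"}

# The 32 bytes quoted in this document (the full message is 321 bytes long).
SAMPLE = bytes.fromhex(
    "0c 00 01 41 03 00 15 39 04 92 0c 11 14 6b 88 5a "
    "3f 52 19 25 c4 5e 75 6e 10 b5 a9 0b d1 c9 a9 54"
)


def parse_ecdhe_server_key_exchange(data: bytes) -> dict:
    """Decode the handshake header and ServerECDHParams of a ServerKeyExchange."""
    if len(data) < 8:
        raise ValueError("need 8 bytes: header, curve type, curve id, point length")
    msg_type, len_hi, len_lo, curve_type = struct.unpack_from("!BBHB", data, 0)
    if msg_type != 0x0C:
        raise ValueError(f"handshake type 0x{msg_type:02x} is not ServerKeyExchange")
    if curve_type != 3:
        raise ValueError(f"curve type {curve_type} is not named_curve")
    curve_id, point_len = struct.unpack_from("!HB", data, 5)
    point = data[8:8 + point_len]  # may be shorter than point_len in a log excerpt
    result = {
        "body_length": (len_hi << 16) | len_lo,
        "curve_id": curve_id,
        "curve_name": NAMED_CURVES.get(curve_id, "not in this example's table"),
        "point_length": point_len,
        "point_truncated": len(point) < point_len,
        "coordinate_bits": None,
    }
    # An uncompressed point is 0x04 || X || Y, so each coordinate is (len - 1) / 2 bytes.
    if point[:1] == b"\x04" and point_len % 2 == 1:
        result["coordinate_bits"] = (point_len - 1) // 2 * 8
    return result


if __name__ == "__main__":
    for key, value in parse_ecdhe_server_key_exchange(SAMPLE).items():
        print(f"{key}: {value}")
```

The 57-byte point length (0x39) gives 28-byte coordinates, which is consistent with a 224-bit curve and cross-checks the curve identifier.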
Upgrade to Java SE 8 update 121 from 8u112