
Oracle JDBC Driver Does Not Allow TLS 1.2 On LDAPS Connection (Doc ID 2447000.1)

Last updated on MARCH 28, 2019

Applies to:

JDBC - Version 12.1.0.2.0 and later
Information in this document applies to any platform.

Symptoms

LDAPS is being used with the JDBC 12.1.0.2 thin driver. URL format: jdbc:oracle:thin:@ldaps://<LDAP HOSTNAME>:<LDAP SSL PORT>/<DATABASE SERVICE NAME>,<LDAP CONTEXT>

Configuration is done with:

    oracle.net.ssl_cipher_suites=(TLS_RSA_WITH_AES_128_GCM_SHA256, TLS_EMPTY_RENEGOTIATION_INFO_SCSV)

However, the JDBC driver ignores this configuration and tries to connect with the default cipher suite shown below:

    TLS_DH_anon_WITH_3DES_EDE_CBC_SHA

A connection using the JDBC thin driver with TLS 1.2 works successfully, but it fails over the LDAPS protocol, with the following observations:

- The default JVM cacerts truststore gets loaded (ignores javax.net.ssl.trustStore)
- The JDBC client connects using SSLv2 instead of TLS 1.2 (ignores oracle.net.ssl_version)
- The JDBC client only offers cipher suite TLS_DH_anon_WITH_3DES_EDE_CBC_SHA (ignores oracle.net.ssl_cipher_suites)

This is observed when looking at the network activity using Wireshark: the LDAPS connection is not established with the security settings configured through the JDBC properties (TLS 1.2 + AES/GCM cipher).
The TCPS connection itself is established as expected.
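
To confirm this symptom from a packet capture rather than by eye, the following added example (not part of the Oracle note or the driver) parses a ClientHello and lists where it departs from the configured version and cipher suites. It goes slightly beyond the note by handling both TLS-record and SSLv2-format hellos; the two sample byte strings, including the TLS 1.0 version field in the SSLv2-format one, are constructed assumptions and not captured driver traffic.

```python
import struct

# IANA code points for the suites and versions named in this note.
SUITES = {0x009C: "TLS_RSA_WITH_AES_128_GCM_SHA256",
          0x00FF: "TLS_EMPTY_RENEGOTIATION_INFO_SCSV",
          0x001B: "TLS_DH_anon_WITH_3DES_EDE_CBC_SHA"}
VERSIONS = {0x0002: "SSLv2", 0x0300: "SSLv3", 0x0301: "TLS 1.0",
            0x0302: "TLS 1.1", 0x0303: "TLS 1.2"}

def parse_client_hello(data):
    """Return (record_format, offered_version, [suite names]) for one ClientHello."""
    if len(data) > 9 and data[0] == 0x16 and data[5] == 0x01:   # TLS record + ClientHello
        body = data[9:]                      # skip 5-byte record and 4-byte handshake headers
        (version,) = struct.unpack_from(">H", body, 0)
        pos = 2 + 32                         # client_version + random
        pos += 1 + body[pos]                 # session_id length byte + session_id
        (n,) = struct.unpack_from(">H", body, pos)
        ids = struct.unpack_from(">%dH" % (n // 2), body, pos + 2)
        fmt = "TLS"
    elif len(data) > 11 and data[0] & 0x80 and data[2] == 0x01:  # SSLv2-format hello
        version, n = struct.unpack_from(">HH", data, 3)
        specs = data[11:11 + n]              # 3-byte specs; TLS suites appear as 00 + id
        ids = [int.from_bytes(specs[i + 1:i + 3], "big")
               for i in range(0, len(specs) - 2, 3) if specs[i] == 0]
        fmt = "SSLv2"
    else:
        raise ValueError("not a ClientHello")
    names = [SUITES.get(i, "0x%04X" % i) for i in ids]
    return fmt, VERSIONS.get(version, hex(version)), names

def audit(data, want_version, want_suites):
    """List every way the offered handshake departs from the configured settings."""
    fmt, version, suites = parse_client_hello(data)
    problems = []
    if fmt != "TLS":
        problems.append("hello sent in %s record format" % fmt)
    if version != want_version:
        problems.append("offered %s, configured %s" % (version, want_version))
    problems += ["unconfigured suite offered: " + s for s in suites if s not in want_suites]
    return problems

CONFIGURED = ["TLS_RSA_WITH_AES_128_GCM_SHA256", "TLS_EMPTY_RENEGOTIATION_INFO_SCSV"]
# Constructed sample bytes (not captured from the driver).
HONOURED = bytes.fromhex("160303002f0100002b0303" + "00" * 33 + "0004009c00ff0100")
IGNORED = bytes.fromhex("801c0103010003000000100000" + "1b" + "00" * 16)

if __name__ == "__main__":
    for label, hello in (("honoured", HONOURED), ("ignored", IGNORED)):
        print(label, audit(hello, "TLS 1.2", CONFIGURED) or "matches configuration")
```

Feed it the first client-to-server payload of the LDAPS TCP stream exported from the capture; an empty list means the handshake offers exactly what the JDBC properties request.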

The JDBC connection may fail with the exception:

    java.lang.NullPointerException
        at oracle.net.jndi.JndiAttrs.getAttrs(JndiAttrs.java:215)
        at oracle.net.resolver.AddrResolution.<init>(AddrResolution.java:238)
        at oracle.net.ns.NSProtocol.connect(NSProtocol.java:234)
        at oracle.jdbc.driver.T4CConnection.connect(T4CConnection.java:1481)

Changes

 

Cause
