Oracle JDBC Driver Does Not Allow TLS 1.2 On LDAPS Connection
(Doc ID 2447000.1)
Last updated on MARCH 28, 2019
Applies to: JDBC - Version 184.108.40.206.0 and later
Information in this document applies to any platform.
LDAPS is being used with the JDBC 220.127.116.11 thin driver. URL format: (jdbc:oracle:thin:@ldaps://<LDAP HOSTNAME>:<LDAP SSL PORT>/<DATABASE SERVICE NAME>,<LDAP CONTEXT>).
Configuration is done with:
However, the JDBC driver ignores this configuration and tries to connect with the default settings, as shown below:
A connection using the JDBC thin driver with TLS 1.2 works successfully, but it fails over the LDAPS protocol, with the following observations:
- default JVM cacerts truststore gets loaded (ignores javax.net.ssl.trustStore)
- JDBC client connects using SSLv2 instead of TLS 1.2 (ignores oracle.net.ssl_version)
- JDBC client only offers cipher suite TLS_DH_anon_WITH_3DES_EDE_CBC_SHA (ignores oracle.net.ssl_cipher_suites)
This is observed when looking at the network activity using Wireshark: the LDAPS connection is not established with the security settings configured through the JDBC properties (TLS 1.2 + AES/GCM cipher).
The TCPS connection itself is established as expected.
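One way to check a captured ClientHello against the intended settings (TLS 1.2 with an AES-GCM suite, no anonymous key exchange), as an added example that is not from the original document or from Oracle. The function names, the small cipher-suite table and both byte strings are assumptions constructed for illustration.

```python
import struct

# Small subset of the IANA cipher-suite registry, enough for the samples below.
SUITES = {
    0x001B: "TLS_DH_anon_WITH_3DES_EDE_CBC_SHA",
    0x009C: "TLS_RSA_WITH_AES_128_GCM_SHA256",
    0xC02F: "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
}

def parse_client_hello(data):
    """Return (record_format, offered_version, suite_ids) for one ClientHello."""
    if data[0] == 0x16 and data[5] == 0x01:       # TLS handshake record, ClientHello
        version = (data[9], data[10])             # client_version in the hello body
        pos = 11 + 32                             # skip the 32-byte random
        pos += 1 + data[pos]                      # skip session_id
        (n,) = struct.unpack_from(">H", data, pos)
        ids = [struct.unpack_from(">H", data, pos + 2 + i)[0] for i in range(0, n, 2)]
        return "TLS", version, ids
    if data[0] & 0x80 and data[2] == 0x01:        # SSLv2-format CLIENT-HELLO
        version = (data[3], data[4])
        (n,) = struct.unpack_from(">H", data, 5)
        specs = [data[11 + i:14 + i] for i in range(0, n, 3)]
        # 3-byte cipher specs; a leading 0x00 carries a 2-byte TLS suite id
        return "SSLv2", version, [int.from_bytes(s[1:], "big") for s in specs if s[0] == 0]
    raise ValueError("not a ClientHello")

def audit(data):
    """List deviations from the intended policy: TLS 1.2 with an AES-GCM suite."""
    fmt, version, ids = parse_client_hello(data)
    names = [SUITES.get(i, hex(i)) for i in ids]
    findings = []
    if fmt == "SSLv2":
        findings.append("SSLv2-format hello")
    if version < (3, 3):
        findings.append("client version below TLS 1.2")
    if any("_anon_" in n for n in names):
        findings.append("anonymous key exchange offered")
    if not any("_GCM_" in n for n in names):
        findings.append("no AES-GCM suite offered")
    return findings

# Constructed samples (not captures from the page): an SSLv2-format hello offering
# only the anonymous 3DES suite, and a TLS 1.2 hello offering AES-GCM suites.
BAD = bytes.fromhex("801c" "01" "0301" "0003" "0000" "0010" "00001b") + bytes(16)
GOOD = (bytes.fromhex("16030100" "2f" "01" "00002b" "0303") + bytes(32)
        + bytes.fromhex("00" "0004" "009cc02f" "0100"))

if __name__ == "__main__":
    print(audit(BAD), audit(GOOD))
```

Suite ids missing from the table are reported in hex and never match the name checks, so extend the table before using it on real captures.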
The JDBC connection may fail with the exception: