
WebCenter Portal javax.net.ssl.SSLHandshakeException: No appropriate protocol (protocol is disabled or cipher suites are inappropriate) Trying to Connect to LDAP Server After Tightening Cipher List in OID (Doc ID 2662082.1)

Last updated on SEPTEMBER 13, 2021

Applies to:

Oracle WebCenter Portal - Version 12.2.1.3.0 and later
Information in this document applies to any platform.

Symptoms

The WebCenter Portal managed server fails to connect to the LDAP server using TLSv1.2 after the available ciphers for OID are tightened.

Only WebCenter Portal is affected. Logins to the WebLogic Console, Fusion Middleware Control and WebCenter Content succeed.

WebCenter Portal is generating the following errors:

[<TIMESTAMP>] [WC_Spaces] [NOTIFICATION] [LIBOVD-20119] [oracle.ods.virtualization.engine.backend.jndi.OIDAuthenticator.BackendJNDI] [tid: [ACTIVE].ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: anonymous] [ecid: <ECID>] [APP: webcenter] [partition-name: DOMAIN] [tenant-name: GLOBAL] [DSID: <DSID>] Finished initialization.

[<TIMESTAMP>] [WC_Spaces] [NOTIFICATION] [] [oracle.ods.virtualization.engine.backend.jndi.OIDAuthenticator] [tid: [ACTIVE].ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: anonymous] [ecid: <ECID>] [APP: webcenter] [partition-name: DOMAIN] [tenant-name: GLOBAL] [DSID: <DSID>] Priming the connection pool.ldap://[<LDAP_HOSTNAME>]:<LDAP_SSL_PORT>


[<TIMESTAMP>0] [WC_Spaces] [WARNING] [LIBOVD-60024] [oracle.ods.virtualization.engine.backend.jndi.OIDAuthenticator] [tid: [ACTIVE].ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: anonymous] [ecid:<ECID>] [APP: webcenter] [partition-name: DOMAIN] [tenant-name: GLOBAL] [DSID: <DSID>] Connection error: simple bind failed: <LDAP_HOSTNAME>:<LDAP_SSL_PORT>.


[<TIMESTAMP>] [WC_Spaces] [WARNING] [IGF-00008] [oracle.igf.ovd] [tid: [ACTIVE].ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: anonymous] [ecid:<ECID>] [APP: webcenter] [partition-name: DOMAIN] [tenant-name: GLOBAL] [DSID:<DSID>] Operations error: entity=cn=Users,dc=<COMPANY>,dc=com op=find mesg=Protocol Error LDAP Error 2 : simple bind failed: <LDAP_HOSTNAME>:<LDAP_SSL_PORT>

[<TIMESTAMP>] [WC_Spaces] [WARNING] [] [oracle.webcenter.webcenterapp.internal.view.shell.WCSiteTemplatesManagerImpl] [tid: [ACTIVE].ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: anonymous] [ecid:<ECID>] [APP: webcenter] [partition-name: DOMAIN] [tenant-name: GLOBAL] [DSID:<DSID>] Couldnt determine what page template to use due to {0}

[<TIMESTAMP>] [WC_Spaces] [ERROR] [] [oracle.webcenter.webcenterapp.internal.view.shell.WCSiteTemplatesManagerImpl] [tid: [ACTIVE].ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: anonymous] [ecid:<ECID>] [APP: webcenter] [partition-name: DOMAIN] [tenant-name: GLOBAL] [DSID:<DSID>] [[
java.lang.RuntimeException: oracle.webcenter.framework.service.WebCenterMemberException: Operations error: entity=cn=Users,dc=<COMPANY>,dc=com op=find mesg=  
at oracle.webcenter.framework.service.Utility.getUserUniqueIdentifier(Utility.java:1063)
at oracle.webcenter.portal.api.PropertyBean.getUserUniqueIdentifier(PropertyBean.java:399)
at oracle.webcenter.portal.api.PropertyBean.getCreatorGuid(PropertyBean.java:179)
at oracle.webcenter.portalframework.genericsiteresources.internal.model.GenericSiteResourceConverter$Conversion.updateGenericSiteResource(GenericSiteResourceConverter.java:682)
at oracle.webcenter.portalframework.genericsiteresources.internal.model.GenericSiteResourceConverter$Conversion.toGenericSiteResource(GenericSiteResourceConverter.java:716)
...
Caused by: oracle.webcenter.framework.service.WebCenterMemberException: Operations error: entity=cn=Users,dc=<COMPANY>,dc=com op=find mesg=  
at oracle.webcenter.framework.security.idm.UserCacheManager.findUserFromUserName(UserCacheManager.java:1645)
at oracle.webcenter.framework.security.idm.UserCacheManager.getUserFromUserName(UserCacheManager.java:2164)
at oracle.webcenter.framework.service.Utility.getUserUniqueIdentifier(Utility.java:1051)
...
Caused by: oracle.igf.ids.IDSException: Operations error: entity=cn=Users,dc=<COMPANY>,dc=com op=find mesg=  
at oracle.igf.ids.arisid.ArisIdServiceManager.findEntity(ArisIdServiceManager.java:1712)
at oracle.igf.ids.UserManager.searchUser(UserManager.java:236)
at oracle.webcenter.framework.security.idm.UserCacheManager.findUserFromUserName(UserCacheManager.java:1597)
...
Caused by: oracle.igf.ids.arisid.ArisIdConnectionException: Operations error: entity=cn=Users,dc=<COMPANY>,dc=com op=find mesg=   AdditionalInfo: LDAP Error 2 : simple bind failed: <LDAP_HOSTNAME>:<LDAP_SSL_PORT>
at com.oracle.ovd.arisid.OvdIdsStackProvider.mapResultCode(OvdIdsStackProvider.java:776)
at com.oracle.ovd.arisid.OvdIdsStackProvider.doFind(OvdIdsStackProvider.java:1336)
at com.oracle.ovd.arisid.ArisIdStackProvider.doFind(ArisIdStackProvider.java:172)
at org.openliberty.arisid.Interaction.doFind(Interaction.java:1022)
at oracle.igf.ids.arisid.ArisIdServiceManager.findEntity(ArisIdServiceManager.java:1628)
...
Caused by: oracle.ods.virtualization.service.VirtualizationException: oracle.ods.virtualization.engine.util.DirectoryException: LDAP Error 2 : simple bind failed: <LDAP_HOSTNAME>:<LDAP_SSL_PORT>
at oracle.ods.virtualization.operation.SearchOperation.process(SearchOperation.java:209)
at oracle.ods.virtualization.operation.SearchOperation.process(SearchOperation.java:47)
at oracle.ods.virtualization.service.DefaultVirtualizationSession.processOperation(DefaultVirtualizationSession.java:403)
at oracle.ods.virtualization.service.DefaultVirtualizationSession.search(DefaultVirtualizationSession.java:190)
at com.oracle.ovd.arisid.OvdIdsStackProvider.doFind(OvdIdsStackProvider.java:1327)
...
Caused by: oracle.ods.virtualization.engine.util.DirectoryException: LDAP Error 2 : simple bind failed: <LDAP_HOSTNAME>:<LDAP_SSL_PORT>
at oracle.ods.virtualization.engine.backend.jndi.BackendJNDI.getLDAPContext(BackendJNDI.java:1164)
at oracle.ods.virtualization.engine.backend.jndi.BackendJNDI.getConnection(BackendJNDI.java:1027)
at oracle.ods.virtualization.engine.backend.jndi.ConnectionHandle.getHolder(ConnectionHandle.java:470)
at oracle.ods.virtualization.engine.backend.jndi.ConnectionHandle.search(ConnectionHandle.java:276)
at oracle.ods.virtualization.engine.backend.jndi.JNDIEntrySet.initialize(JNDIEntrySet.java:223)
at oracle.ods.virtualization.engine.backend.jndi.BackendJNDI.get(BackendJNDI.java:811)
...
Caused by: javax.naming.CommunicationException: simple bind failed: <LDAP_HOSTNAME>:<LDAP_SSL_PORT> [Root exception is javax.net.ssl.SSLHandshakeException: No appropriate protocol (protocol is disabled or cipher suites are inappropriate)]
at com.sun.jndi.ldap.LdapClient.authenticate(LdapClient.java:219)
at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2791)
at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:319)
at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:192)
at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:210)
at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:153)
...
Caused by: javax.net.ssl.SSLHandshakeException: No appropriate protocol (protocol is disabled or cipher suites are inappropriate)
at sun.security.ssl.Handshaker.activate(Handshaker.java:509)
at sun.security.ssl.SSLSocketImpl.kickstartHandshake(SSLSocketImpl.java:1474)
at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1346)
... 

 

Changes

SSL was set up for the OID server.
The cipher list in OID was tightened:

 Deleted existing ciphers:
  dn: cn=oid1,cn=osdldapd,cn=subconfigsubentry
  changetype: modify
  delete: orclsslciphersuite
  orclsslciphersuite: SSL_RSA_WITH_RC4_128_MD5
  orclsslciphersuite: SSL_RSA_WITH_RC4_128_SHA
  orclsslciphersuite: SSL_RSA_WITH_3DES_EDE_CBC_SHA

 Added others:
  dn: cn=oid1,cn=osdldapd,cn=subconfigsubentry
  changetype: modify
  add: orclsslciphersuite
  orclsslciphersuite: TLS_RSA_WITH_AES_256_CBC_SHA256
  orclsslciphersuite: SSL_DH_anon_WITH_3DES_EDE_CBC_SHA
  orclsslciphersuite: TLS_RSA_WITH_AES_128_CBC_SHA
  orclsslciphersuite: TLS_RSA_WITH_AES_256_CBC_SHA
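
An added example, not part of the Oracle document: it parses the two LDIF modify records above and flags, from the suite names alone, any added suite that uses anonymous key exchange, RC4, 3DES or an MD5 MAC. The function names and flag labels are assumptions made for this illustration.

```python
import re
ATTR = "orclsslciphersuite"
# The two LDIF modify records from the "Changes" section, copied verbatim.
CHANGES_LDIF = """\
dn: cn=oid1,cn=osdldapd,cn=subconfigsubentry
changetype: modify
delete: orclsslciphersuite
orclsslciphersuite: SSL_RSA_WITH_RC4_128_MD5
orclsslciphersuite: SSL_RSA_WITH_RC4_128_SHA
orclsslciphersuite: SSL_RSA_WITH_3DES_EDE_CBC_SHA

dn: cn=oid1,cn=osdldapd,cn=subconfigsubentry
changetype: modify
add: orclsslciphersuite
orclsslciphersuite: TLS_RSA_WITH_AES_256_CBC_SHA256
orclsslciphersuite: SSL_DH_anon_WITH_3DES_EDE_CBC_SHA
orclsslciphersuite: TLS_RSA_WITH_AES_128_CBC_SHA
orclsslciphersuite: TLS_RSA_WITH_AES_256_CBC_SHA
"""

def parse_changes(ldif):
    """Return {'delete': [...], 'add': [...]} of suites named in the modify records."""
    ops = {"delete": [], "add": []}
    for record in re.split(r"\n\s*\n", ldif.strip()):
        op = None  # which operation this record performs on ATTR
        for line in record.splitlines():
            key, _, value = (part.strip() for part in line.partition(":"))
            if key.lower() in ops and value.lower() == ATTR:
                op = key.lower()
            elif key.lower() == ATTR and op:
                ops[op].append(value)
    return ops

def flags(suite):
    """Weaknesses readable from the suite name (labels are this example's own)."""
    kx, _, cipher_mac = suite.split("_", 1)[1].partition("_WITH_")
    checks = [
        ("anon-kx", kx.endswith("_anon")),  # server is not authenticated
        ("rc4", "RC4" in cipher_mac),
        ("3des", "3DES" in cipher_mac),
        ("md5-mac", cipher_mac.endswith("_MD5")),
    ]
    return [label for label, hit in checks if hit]

def audit(ldif):
    """Map each added suite that carries at least one flag to its flags."""
    return {s: flags(s) for s in parse_changes(ldif)["add"] if flags(s)}

print(audit(CHANGES_LDIF))
```

On the records above it reports SSL_DH_anon_WITH_3DES_EDE_CBC_SHA, a 3DES suite with anonymous key exchange that was added in the same change that removed SSL_RSA_WITH_3DES_EDE_CBC_SHA.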

Cause

To view full details, sign in with your My Oracle Support account.
