LDAPS Configuration using TLS 1.2 In OAG Results in java.net.SocketException: Connection reset Error
(Doc ID 2738876.1)
Last updated on OCTOBER 07, 2022
Applies to:
Oracle API Gateway - Version 11.1.2.4.0 and later
Information in this document applies to any platform.
Symptoms
When configuring a connection in OAG to an LDAP server that accepts only TLS v1.2 for the secure (LDAPS) connection, the following error occurs in the trace log:
javax.naming.CommunicationException:<HOST>:<PORT> [Root exception is java.net.SocketException: Connection reset]
at com.sun.jndi.ldap.Connection.<init>(Connection.java:226)
at com.sun.jndi.ldap.LdapClient.<init>(LdapClient.java:136)
at com.sun.jndi.ldap.LdapClient.getInstance(LdapClient.java:1608)
at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2698)
at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:316)
at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:193)
at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:211)
at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:154)
at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:84)
at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:684)
at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:307)
at javax.naming.InitialContext.init(InitialContext.java:242)
at javax.naming.InitialContext.<init>(InitialContext.java:216)
at javax.naming.directory.InitialDirContext.<init>(InitialDirContext.java:101)
at com.vordel.common.ldap.ContextCache$CachedContext.<init>(ContextCache.java:45)
at com.vordel.common.ldap.ContextCache$1.factory(ContextCache.java:69)
at com.vordel.common.ldap.ContextCache$1.factory(ContextCache.java:54)
at com.vordel.system.PoolCache.hold(PoolCache.java:44)
at com.vordel.common.ldap.ContextCache.hold(ContextCache.java:114)
at com.vordel.common.ldap.ContextCache.hold(ContextCache.java:29)
at com.vordel.common.ldap.InContext.run(InContext.java:30)
at com.vordel.common.ldap.LdapLookup.search(LdapLookup.java:451)
at com.vordel.common.ldap.LdapLookup.search(LdapLookup.java:416)
at com.vordel.circuit.attribute.AttribLdapLookup.getAttributes(AttribLdapLookup.java:155)
at com.vordel.circuit.attribute.AttributeExtractLdapProcessor.getAttributes(AttributeExtractLdapProcessor.java:122)
at com.vordel.circuit.attribute.AttributeExtractBaseProcessor.invoke(AttributeExtractBaseProcessor.java:149)
at com.vordel.circuit.InvocationEngine.invokeFilter(InvocationEngine.java:151)
at com.vordel.circuit.InvocationEngine.invokeCircuit(InvocationEngine.java:43)
at com.vordel.circuit.CircuitDelegateProcessor.invoke(CircuitDelegateProcessor.java:46)
at com.vordel.circuit.InvocationEngine.invokeFilter(InvocationEngine.java:151)
at com.vordel.circuit.InvocationEngine.invokeCircuit(InvocationEngine.java:43)
at com.vordel.circuit.CircuitDelegateProcessor.invoke(CircuitDelegateProcessor.java:46)
at com.vordel.circuit.InvocationEngine.invokeFilter(InvocationEngine.java:151)
at com.vordel.circuit.DelegatingProcessor.callCircuit(DelegatingProcessor.java:84)
at com.vordel.circuit.DelegatingProcessor.callCircuit(DelegatingProcessor.java:77)
at com.vordel.circuit.ws.OperationProcessor.invoke(OperationProcessor.java:175)
at com.vordel.circuit.InvocationEngine.invokeFilter(InvocationEngine.java:151)
at com.vordel.circuit.ws.WSProcessor.callChain(WSProcessor.java:300)
at com.vordel.circuit.ws.WSProcessor.invoke(WSProcessor.java:281)
at com.vordel.circuit.InvocationEngine.invokeFilter(InvocationEngine.java:151)
at com.vordel.circuit.InvocationEngine.invokeCircuit(InvocationEngine.java:43)
at com.vordel.circuit.InvocationEngine.recordCircuitInvocation(InvocationEngine.java:277)
at com.vordel.circuit.InvocationEngine.processMessage(InvocationEngine.java:240)
at com.vordel.circuit.SyntheticCircuitChainProcessor.invoke(SyntheticCircuitChainProcessor.java:65)
at com.vordel.dwe.http.HTTPPlugin.processRequest(HTTPPlugin.java:412)
at com.vordel.dwe.http.HTTPPlugin.invokeDispose(HTTPPlugin.java:431)
at com.vordel.dwe.http.HTTPPlugin.invoke(HTTPPlugin.java:143)
Caused by: java.net.SocketException: Connection reset
at java.net.SocketInputStream.read(SocketInputStream.java:196)
at java.net.SocketInputStream.read(SocketInputStream.java:122)
at sun.security.ssl.InputRecord.readFully(InputRecord.java:442)
at sun.security.ssl.InputRecord.read(InputRecord.java:480)
at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:946)
at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1344)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1371)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1355)
at com.sun.jndi.ldap.Connection.createSocket(Connection.java:381)
at com.sun.jndi.ldap.Connection.<init>(Connection.java:203)
... 46 more
at com.sun.jndi.ldap.Connection.<init>(Connection.java:226)
at com.sun.jndi.ldap.LdapClient.<init>(LdapClient.java:136)
at com.sun.jndi.ldap.LdapClient.getInstance(LdapClient.java:1608)
at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2698)
at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:316)
at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:193)
at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:211)
at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:154)
at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:84)
at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:684)
at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:307)
at javax.naming.InitialContext.init(InitialContext.java:242)
at javax.naming.InitialContext.<init>(InitialContext.java:216)
at javax.naming.directory.InitialDirContext.<init>(InitialDirContext.java:101)
at com.vordel.common.ldap.ContextCache$CachedContext.<init>(ContextCache.java:45)
at com.vordel.common.ldap.ContextCache$1.factory(ContextCache.java:69)
at com.vordel.common.ldap.ContextCache$1.factory(ContextCache.java:54)
at com.vordel.system.PoolCache.hold(PoolCache.java:44)
at com.vordel.common.ldap.ContextCache.hold(ContextCache.java:114)
at com.vordel.common.ldap.ContextCache.hold(ContextCache.java:29)
at com.vordel.common.ldap.InContext.run(InContext.java:30)
at com.vordel.common.ldap.LdapLookup.search(LdapLookup.java:451)
at com.vordel.common.ldap.LdapLookup.search(LdapLookup.java:416)
at com.vordel.circuit.attribute.AttribLdapLookup.getAttributes(AttribLdapLookup.java:155)
at com.vordel.circuit.attribute.AttributeExtractLdapProcessor.getAttributes(AttributeExtractLdapProcessor.java:122)
at com.vordel.circuit.attribute.AttributeExtractBaseProcessor.invoke(AttributeExtractBaseProcessor.java:149)
at com.vordel.circuit.InvocationEngine.invokeFilter(InvocationEngine.java:151)
at com.vordel.circuit.InvocationEngine.invokeCircuit(InvocationEngine.java:43)
at com.vordel.circuit.CircuitDelegateProcessor.invoke(CircuitDelegateProcessor.java:46)
at com.vordel.circuit.InvocationEngine.invokeFilter(InvocationEngine.java:151)
at com.vordel.circuit.InvocationEngine.invokeCircuit(InvocationEngine.java:43)
at com.vordel.circuit.CircuitDelegateProcessor.invoke(CircuitDelegateProcessor.java:46)
at com.vordel.circuit.InvocationEngine.invokeFilter(InvocationEngine.java:151)
at com.vordel.circuit.DelegatingProcessor.callCircuit(DelegatingProcessor.java:84)
at com.vordel.circuit.DelegatingProcessor.callCircuit(DelegatingProcessor.java:77)
at com.vordel.circuit.ws.OperationProcessor.invoke(OperationProcessor.java:175)
at com.vordel.circuit.InvocationEngine.invokeFilter(InvocationEngine.java:151)
at com.vordel.circuit.ws.WSProcessor.callChain(WSProcessor.java:300)
at com.vordel.circuit.ws.WSProcessor.invoke(WSProcessor.java:281)
at com.vordel.circuit.InvocationEngine.invokeFilter(InvocationEngine.java:151)
at com.vordel.circuit.InvocationEngine.invokeCircuit(InvocationEngine.java:43)
at com.vordel.circuit.InvocationEngine.recordCircuitInvocation(InvocationEngine.java:277)
at com.vordel.circuit.InvocationEngine.processMessage(InvocationEngine.java:240)
at com.vordel.circuit.SyntheticCircuitChainProcessor.invoke(SyntheticCircuitChainProcessor.java:65)
at com.vordel.dwe.http.HTTPPlugin.processRequest(HTTPPlugin.java:412)
at com.vordel.dwe.http.HTTPPlugin.invokeDispose(HTTPPlugin.java:431)
at com.vordel.dwe.http.HTTPPlugin.invoke(HTTPPlugin.java:143)
Caused by: java.net.SocketException: Connection reset
at java.net.SocketInputStream.read(SocketInputStream.java:196)
at java.net.SocketInputStream.read(SocketInputStream.java:122)
at sun.security.ssl.InputRecord.readFully(InputRecord.java:442)
at sun.security.ssl.InputRecord.read(InputRecord.java:480)
at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:946)
at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1344)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1371)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1355)
at com.sun.jndi.ldap.Connection.createSocket(Connection.java:381)
at com.sun.jndi.ldap.Connection.<init>(Connection.java:203)
... 46 more
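If the connection is made through SSL/TLS but TLS v1.2 is not enforced on the LDAP server, the connection succeeds as expected. In the trace above, the reset is raised inside sun.security.ssl.SSLSocketImpl.performInitialHandshake, that is, while the TLS handshake is still in progress and before any LDAP request has been sent; this suggests the failure lies in protocol negotiation rather than in the LDAP bind or search settings.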
Changes
The problem occurs only when the connection is LDAPS and the LDAP server enforces TLS v1.2.
Cause