Authenticate to OVD 10g Using Openssl Fails Over Secure Ldaps Protocol (Doc ID 740142.1)

Last updated on JANUARY 30, 2022

Applies to:

Oracle Virtual Directory - Version 10.1.4.2 and later
Information in this document applies to any platform.

Symptoms

  • OpenSSL is used with OVD in some applications, but binds to OVD over SSL (mode 1; no authentication) fail with:

    openssl s_client -connect <OVD_HOSTNAME>:<OVD_SSL_PORT> -debug
    CONNECTED(00000003)

    <ENCRYPTED INFO>

    31132:error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure:s23_clnt.c:562:

  • OVD is configured to work on SSL mode 1 (ldaps -U 1)

    ldapbind -h <OVD_HOSTNAME> -p <OVD_SSL_PORT> -U 1
    bind successful

    And the access.log shows:

    [2008-09-23 02:18:33,482] conn=2 fd=0 slot=0 connection from <IP_ADDRESS> to <IP_ADDRESS> port <OVD_SSL_PORT> SSL
    [2008-09-23 02:18:33,572] conn=2 op=0 BIND dn="" method=0 version=3
    [2008-09-23 02:18:33,572] conn=2 op=0 RESULT err=0 tag=0 nentries=0 etime=0
  • vde_start.sh includes, for example:

    exec "$VDE_DIR"/jre/bin/java -server -Xmx512m \
        -Dvde.reconnInConnPool=true \
        -Dvde.soTimeoutFrontend=120 -Dvde.soTimeoutBackend=120 \
        -Djava.net.preferIPv4Stack=true \
        -Dvde.home="<OVD_HOME>" -Dvde.lib="/<OVD_HOME>/server/lib" \
        -Dvde.ldap.requireClientAuth="false" \
        -Dvde.ldap.ciphers=SSL_DH_anon_WITH_DES_CBC_SHA,SSL_RSA_WITH_RC4_128_MD5,TLS_RSA_WITH_AES_128_CBC_SHA \
        com.octetstring.vde.VDEServer > "$VDE_DIR"/log/vde_startup.log 2>&1

    Notice that the cipher list includes SSL_DH_anon_WITH_DES_CBC_SHA.
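
    Added example (not part of the Oracle note): a shell check that extracts the -Dvde.ldap.ciphers value from a startup command like the one above and flags suites that are anonymous, NULL, single-DES/export, RC4 or MD5-based. The function names, flag labels and the one-line sample command are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample: a shortened, single-line form of the startup command above.
SAMPLE='exec "$VDE_DIR"/jre/bin/java -server -Dvde.ldap.requireClientAuth="false" -Dvde.ldap.ciphers=SSL_DH_anon_WITH_DES_CBC_SHA,SSL_RSA_WITH_RC4_128_MD5,TLS_RSA_WITH_AES_128_CBC_SHA com.octetstring.vde.VDEServer'

# Read a java command line on stdin and print the value of -Dvde.ldap.ciphers.
# Splits on whitespace, so the option may sit on any line of the command.
extract_ciphers() {
    tr -s '[:space:]' '\n' | sed -n 's/^-Dvde\.ldap\.ciphers=//p' | tr -d '"' | head -n 1
}

# Print one "SUITE: flags" line per suite in a comma-separated list.
audit_ciphers() {
    printf '%s\n' "$1" | tr ',' '\n' | while IFS= read -r suite; do
        [ -n "$suite" ] || continue
        flags=""
        # Anonymous key exchange: the server presents no certificate.
        case "$suite" in *_anon_*) flags="$flags no-server-auth" ;; esac
        # NULL suites send the data unencrypted.
        case "$suite" in *_NULL_*) flags="$flags no-encryption" ;; esac
        # Single DES (56-bit key) and export-grade suites; 3DES_EDE is not matched.
        case "$suite" in *_EXPORT_*|*_DES_CBC_*|*_DES40_*) flags="$flags weak-cipher" ;; esac
        case "$suite" in *_RC4_*) flags="$flags rc4" ;; esac
        case "$suite" in *_MD5) flags="$flags md5-mac" ;; esac
        printf '%s:%s\n' "$suite" "${flags:- ok}"
    done
}

# Audit a startup command read on stdin.
# Returns 0 if every suite is ok, 1 if any suite is flagged, 2 if no list is found.
audit_startup() {
    ciphers=$(extract_ciphers)
    if [ -z "$ciphers" ]; then
        echo "no -Dvde.ldap.ciphers option found" >&2
        return 2
    fi
    report=$(audit_ciphers "$ciphers")
    printf '%s\n' "$report"
    if printf '%s\n' "$report" | grep -v ': ok$' >/dev/null; then
        return 1
    fi
    return 0
}

# Run against the constructed sample; for a real install, feed vde_start.sh on stdin.
printf '%s\n' "$SAMPLE" | audit_startup || echo "flagged suites present"
```

    To audit a real installation, run audit_startup with vde_start.sh on standard input, provided the option is not split in the middle of a token.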

Changes

 

Cause
