Authenticate to OVD 10g Using Openssl Fails Over Secure Ldaps Protocol
(Doc ID 740142.1)
Last updated on JUNE 04, 2024
Applies to:
Oracle Virtual Directory - Version 10.1.4.2 to 10.1.4.3 [Release 10gR3]
Information in this document applies to any platform.
Symptoms
- OpenSSL is used with OVD in some applications; however, binds to OVD over SSL (mode 1; no authentication) fail with:
openssl s_client -connect <OVD_HOSTNAME>:<OVD_SSL_PORT> -debug
CONNECTED(00000003)
<ENCRYPTED INFO>
31132:error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure:s23_clnt.c:562:
- OVD is configured to work on SSL mode 1 (ldaps -U 1)
ldapbind -h <OVD_HOSTNAME> -p <OVD_SSL_PORT> -U 1
bind successful
And the access.log shows:
[2008-09-23 02:18:33,482] conn=2 fd=0 slot=0 connection from <IP_ADDRESS> to <IP_ADDRESS> port <OVD_SSL_PORT> SSL
[2008-09-23 02:18:33,572] conn=2 op=0 BIND dn="" method=0 version=3
[2008-09-23 02:18:33,572] conn=2 op=0 RESULT err=0 tag=0 nentries=0 etime=0
- vde_start.sh includes, for example:
exec "$VDE_DIR"/jre/bin/java -server -Xmx512m -Dvde.reconnInConnPool=true \
  -Dvde.soTimeoutFrontend=120 -Dvde.soTimeoutBackend=120 \
  -Djava.net.preferIPv4Stack=true -Dvde.home="<OVD_HOME>" \
  -Dvde.lib="/<OVD_HOME>/server/lib" -Dvde.ldap.requireClientAuth="false" \
  -Dvde.ldap.ciphers=SSL_DH_anon_WITH_DES_CBC_SHA,SSL_RSA_WITH_RC4_128_MD5,TLS_RSA_WITH_AES_128_CBC_SHA \
  com.octetstring.vde.VDEServer > "$VDE_DIR"/log/vde_startup.log 2>&1
Notice that the ciphers include SSL_DH_anon_WITH_DES_CBC_SHA.
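An added example (not from the Oracle note and not OVD code): a shell check that pulls the -Dvde.ldap.ciphers list out of a start script and labels each suite by name, flagging anonymous key exchange (no server certificate, so the server is not authenticated), single DES, RC4 and MD5. The function names and labels are assumptions made for this example; the sample input is a shortened form of the vde_start.sh excerpt.

```shell
#!/bin/sh
# Added example, not Oracle's code: list the suites in -Dvde.ldap.ciphers
# and flag weak ones by name. Function names and labels are assumptions.

# Shortened form of the vde_start.sh excerpt on this page.
sample_vde_start() {
    cat <<'EOF'
exec "$VDE_DIR"/jre/bin/java -server -Dvde.ldap.requireClientAuth="false" \
  -Dvde.ldap.ciphers=SSL_DH_anon_WITH_DES_CBC_SHA,SSL_RSA_WITH_RC4_128_MD5,TLS_RSA_WITH_AES_128_CBC_SHA \
  com.octetstring.vde.VDEServer > "$VDE_DIR"/log/vde_startup.log 2>&1
EOF
}

# Read a start script on stdin, print one cipher suite per line.
# Newlines and backslashes are dropped first, so a java command that was
# wrapped without indentation (as in a pasted excerpt) is rejoined.
extract_vde_ciphers() {
    tr -d '\n\\' |
        sed -n 's/.*-Dvde\.ldap\.ciphers="\{0,1\}\([A-Za-z0-9_,]*\).*/\1/p' |
        tr ',' '\n'
}

# Print "SUITE: labels", judging by the JSSE suite name only.
classify_suite() {
    flags=""
    case "$1" in *_anon_*)     flags="$flags anon-kx" ;; esac     # no server certificate
    case "$1" in *_WITH_DES_*) flags="$flags single-DES" ;; esac  # 56-bit key, not 3DES
    case "$1" in *_RC4_*)      flags="$flags RC4" ;; esac
    case "$1" in *_MD5)        flags="$flags MD5" ;; esac
    printf '%s:%s\n' "$1" "${flags:- none}"
}

# Audit the script on stdin; prints nothing if the option is absent.
audit_vde_ciphers() {
    extract_vde_ciphers | while IFS= read -r suite || [ -n "$suite" ]; do
        if [ -n "$suite" ]; then classify_suite "$suite"; fi
    done
}

sample_vde_start | audit_vde_ciphers
```

To check a real start script, feed it on standard input: `audit_vde_ciphers < vde_start.sh`.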
Changes
Cause