My Oracle Support Banner

Binds to OID 11g Configured For an Anonymous Cipher or a Few Ciphers Break After Applying an OSS Security Patch Update or CPU Patch with Error: SSL handshake failed (Doc ID 2451387.1)

Last updated on APRIL 14, 2021

Applies to:

Oracle Security Service - Version 11.1.1.9.0 and later
Oracle Internet Directory - Version 11.1.1.9.0 and later
Information in this document applies to any platform.

Symptoms

Oracle Internet Directory (OID) 11g 11.1.1.9.0 with an Oracle Security Service (OSS) or CPU Patch applied, for example: Patch 27369643: OSS SECURITY PATCH UPDATE 11.1.1.9.0 (CPUAPR2018), Patch 27047184: OSS BUNDLE PATCH 11.1.1.9.190716, etc.

Scenario 1:

OID instance set with default SSL mode 1 (encryption only / no authentication) and one of the supported anonymous ciphers, for example:

 

Binds from remote unpatched OID 11.1.1.9.0 and OID 12c 12.2.1.3.0 homes, as clients to the above OID server, continue to work fine.


Rolling back the OSS or CPU Patch resolves the problem.

 

Scenario 2:

OID set with SSL mode 2 (server authentication) and a few specific ciphers.

The same above behavior, failures and trace error occur.

Changes

Applied an OSS or CPU patch.

Cause

To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!


In this Document
Symptoms
Changes
Cause
Solution
References


My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.