E-LDAP: LDAP Fails To Connect To LDAP Server Using TLS 1.2 (Doc ID 2091320.1)

Last updated on MAY 19, 2017

Applies to:

PeopleSoft Enterprise PT PeopleTools - Version 8.53 and later
Information in this document applies to any platform.

Symptoms

On : 8.53 version, LDAP

ACTUAL BEHAVIOR
---------------
As part of a PCI requirement, our LDAP server will only communicate using TLS 1.2. When testing the connectivity from the LDAP page, Test Connectivity, it fails with the following error:
LDAP Exception Message : javax.naming.CommunicationException: simple bind failed: <LDAP SERVER> [Root exception is javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake]
The same server works fine if we enable TLS 1.1.
In Java 7, TLS 1.1 and 1.2 are disabled by default for client connections. To enable the TLS 1.1 and TLS 1.2
The location of the code change has been identified. Development needs to make this change ASAP so that the customer can proceed with this implementation.

ERROR
-----------------------
LDAP Exception Message : javax.naming.CommunicationException: simple bind failed: <LDAP SERVER> [Root exception is javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake]


STEPS
-----------------------
The issue can be reproduced at will with the following steps:
1. Change the SSL certificate to TLS 1.2
2. Navigate to PeopleTools -> Security -> Directory -> Configure Directory
3. On the Test Connectivity page, observe error

This happens only if the LDAP server disables the SSL v3, TLS 1.0 and TLS 1.1 protocols and only allows TLS 1.2.
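
An added diagnostic, not part of the Oracle note and not PeopleTools code: it lists which TLS versions the JVM supports versus enables by default for client sockets (the condition the symptom text attributes to Java 7) and can optionally probe a directory server one protocol at a time. The class name and the host and port arguments are assumptions; run it with the same JRE the application server uses.

```java
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;
import java.util.Arrays;

// Added diagnostic (hypothetical class name), written to compile on Java 7 and later.
public class TlsClientDefaults {

    // True when the protocol is in the set the JVM enables for new client sockets.
    static boolean enabledByDefault(SSLContext ctx, String protocol) {
        return Arrays.asList(ctx.getDefaultSSLParameters().getProtocols()).contains(protocol);
    }

    // Attempts a handshake restricted to one protocol; returns the negotiated protocol or the failure.
    static String probe(String host, int port, String protocol) {
        SSLSocketFactory factory = (SSLSocketFactory) SSLSocketFactory.getDefault();
        SSLSocket socket = null;
        try {
            socket = (SSLSocket) factory.createSocket(host, port);
            socket.setSoTimeout(5000);
            socket.setEnabledProtocols(new String[] { protocol });
            socket.startHandshake();
            return "OK, negotiated " + socket.getSession().getProtocol();
        } catch (Exception e) {
            // A TLS 1.2-only server rejects older versions here, typically as an SSLHandshakeException.
            return "FAILED: " + e;
        } finally {
            if (socket != null) try { socket.close(); } catch (Exception ignored) { }
        }
    }

    public static void main(String[] args) throws Exception {
        SSLContext ctx = SSLContext.getDefault();
        System.out.println("java.version       = " + System.getProperty("java.version"));
        System.out.println("supported          = " + Arrays.toString(ctx.getSupportedSSLParameters().getProtocols()));
        System.out.println("enabled by default = " + Arrays.toString(ctx.getDefaultSSLParameters().getProtocols()));
        for (String p : new String[] { "TLSv1", "TLSv1.1", "TLSv1.2" }) {
            System.out.println(p + " enabled by default: " + enabledByDefault(ctx, p));
        }
        // Optional: java TlsClientDefaults <ldaps-host> <port> probes the server with each supported protocol.
        if (args.length == 2) {
            for (String p : ctx.getSupportedSSLParameters().getProtocols()) {
                System.out.println(p + " -> " + probe(args[0], Integer.parseInt(args[1]), p));
            }
        }
    }
}
```

A protocol that appears under "supported" but not under "enabled by default" is one the client can speak but will not offer unless it is enabled explicitly.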

Cause
