{"id":1370,"date":"2015-03-31T00:13:23","date_gmt":"2015-03-31T03:13:23","guid":{"rendered":"http:\/\/www.dbarj.com.br\/?p=1370"},"modified":"2015-03-31T00:58:49","modified_gmt":"2015-03-31T03:58:49","slug":"oracle-unified-directory-client-requested-protocol-sslv3-not-enabled-not-supported","status":"publish","type":"post","link":"https:\/\/www.dbarj.com.br\/en\/2015\/03\/oracle-unified-directory-client-requested-protocol-sslv3-not-enabled-not-supported\/","title":{"rendered":"OUD failing with “Client requested protocol SSLv3 not enabled or not supported”"},"content":{"rendered":"

After installing the latest release of\u00a0Oracle Unified Directory<\/strong> (11.1.2.2.0), all databases that tried to connect in the directory service started to receive the following error:<\/p>\n

SQL> conn T3204325\r\nEnter password:\r\nERROR:\r\nORA-28030: Server encountered problems accessing LDAP directory service<\/pre>\n
Checking on the OUD<\/strong> log file, the error was:<\/p>\n
[30\/Mar\/2015:10:50:46 -0300] CONNECT conn=19 from=10.192.38.28:34059 to=10.221.63.49:1636 protocol=LDAPS\r\n[30\/Mar\/2015:10:50:46 -0300] DISCONNECT conn=19 reason=\"I\/O Error\" msg=\"Client requested protocol SSLv3 not enabled or not supported\"<\/pre>\n
After searching a bit, I found out that the\u00a0any JDK version greater than JDK 7u75\u00a0release, the SSLv3 protocol (Secure Socket Layer) has been deactivated<\/strong> and is not<\/strong> available by default\u00a0to mitigate the SSL v3.0 Vulnerability (aka “Poodle Attack”).<\/p>\n
So, I tried to disable this protocol in the\u00a0DB side following the MOS Doc 1938502.1 (CVE-2014-3566 Poodle Vulnerability and SSL_VERSION Parameter Setting)<\/a>.\u00a0Basically, it says\u00a0to\u00a0update any sqlnet.ora<\/span> and listener.ora<\/span> configuration files with: SSL_VERSION=1.0<\/span>“<\/strong><\/p>\n
Unfortunately, after applying that workaround, the problem persisted<\/span>.<\/p>\n
After researching a lot more, finally I found out that this is a bug (19285025<\/strong>) =[ .. and the solution in to apply patch\u00a019285025<\/span><\/strong>, available via the patch portal.<\/p>\n
So, I applied that after shutting down the instance:<\/p>\n
[oracle@blqa10bddsne001 opatch]$ unzip p19285025_112040_Linux-x86-64.zip\r\nArchive:  p19285025_112040_Linux-x86-64.zip\r\n   creating: 19285025\/\r\n  inflating: 19285025\/README.txt\r\n   creating: 19285025\/etc\/\r\n   creating: 19285025\/etc\/config\/\r\n  inflating: 19285025\/etc\/config\/inventory.xml\r\n  inflating: 19285025\/etc\/config\/deploy.xml\r\n  inflating: 19285025\/etc\/config\/actions.xml\r\n   creating: 19285025\/etc\/xml\/\r\n  inflating: 19285025\/etc\/xml\/GenericActions.xml\r\n  inflating: 19285025\/etc\/xml\/ShiphomeDirectoryStructure.xml\r\n   creating: 19285025\/files\/\r\n   creating: 19285025\/files\/lib\/\r\n   creating: 19285025\/files\/lib\/libldapclnt11.a\/\r\n  inflating: 19285025\/files\/lib\/libldapclnt11.a\/gslcss.o\r\n[oracle@blqa10bddsne001 opatch]$ cd 19285025\/\r\n[oracle@blqa10bddsne001 19285025]$ opatch prereq CheckConflictAgainstOHWithDetail -ph .\/\r\nOracle Interim Patch Installer version 11.2.0.3.6\r\nCopyright (c) 2013, Oracle Corporation.  All rights reserved.\r\n\r\nPREREQ session\r\n\r\nOracle Home       : \/u01\/app\/oracle\/product\/11.2.4\/dbhome_1\r\nCentral Inventory : \/u01\/app\/oraInventory\r\n   from           : \/u01\/app\/oracle\/product\/11.2.4\/dbhome_1\/oraInst.loc\r\nOPatch version    : 11.2.0.3.6\r\nOUI version       : 11.2.0.4.0\r\nLog file location : \/u01\/app\/oracle\/product\/11.2.4\/dbhome_1\/cfgtoollogs\/opatch\/opatch2015-03-30_11-07-21AM_1.log\r\n\r\nInvoking prereq \"checkconflictagainstohwithdetail\"\r\n\r\nPrereq \"checkConflictAgainstOHWithDetail\" passed.\r\n\r\nOPatch succeeded.\r\n[oracle@blqa10bddsne001 19285025]$ opatch apply\r\nOracle Interim Patch Installer version 11.2.0.3.6\r\nCopyright (c) 2013, Oracle Corporation.  All rights reserved.\r\n\r\n\r\nOracle Home       : \/u01\/app\/oracle\/product\/11.2.4\/dbhome_1\r\nCentral Inventory : \/u01\/app\/oraInventory\r\n   from           : \/u01\/app\/oracle\/product\/11.2.4\/dbhome_1\/oraInst.loc\r\nOPatch version    : 11.2.0.3.6\r\nOUI version       : 11.2.0.4.0\r\nLog file location : \/u01\/app\/oracle\/product\/11.2.4\/dbhome_1\/cfgtoollogs\/opatch\/19285025_Mar_30_2015_11_09_55\/apply2015-03-30_11-09-55AM_1.log\r\n\r\nApplying interim patch '19285025' to OH '\/u01\/app\/oracle\/product\/11.2.4\/dbhome_1'\r\nVerifying environment and performing prerequisite checks...\r\nAll checks passed.\r\nProvide your email address to be informed of security issues, install and\r\ninitiate Oracle Configuration Manager. Easier for you if you use your My\r\nOracle Support Email address\/User Name.\r\nVisit http:\/\/www.oracle.com\/support\/policies.html for details.\r\nEmail address\/User Name:\r\n\r\nYou have not provided an email address for notification of security issues.\r\nDo you wish to remain uninformed of security issues ([Y]es, [N]o) [N]:  y\r\n\r\n\r\n\r\nPlease shutdown Oracle instances running out of this ORACLE_HOME on the local system.\r\n(Oracle Home = '\/u01\/app\/oracle\/product\/11.2.4\/dbhome_1')\r\n\r\n\r\nIs the local system ready for patching? [y|n]\r\ny\r\nUser Responded with: Y\r\nBacking up files...\r\n\r\nPatching component oracle.ldap.rsf, 11.2.0.4.0...\r\n\r\nPatching component oracle.rdbms, 11.2.0.4.0...\r\n\r\nPatching component oracle.rdbms.rsf, 11.2.0.4.0...\r\n\r\nVerifying the update...\r\nPatch 19285025 successfully applied\r\nLog file location: \/u01\/app\/oracle\/product\/11.2.4\/dbhome_1\/cfgtoollogs\/opatch\/19285025_Mar_30_2015_11_09_55\/apply2015-03-30_11-09-55AM_1.log\r\n\r\nOPatch succeeded.\r\n[oracle@blqa10bddsne001 19285025]$<\/pre>\n
Starting my database again, the problem finally disappeared<\/span><\/strong> =D.\u00a0No more problems with the SSLv3 vulnerability!<\/p>\n
For more information, you can check the MOS Doc 1986819.1 (EUS – ORA-28030: Server Encountered Problems Accessing OUD)<\/a>.<\/p>\nHave you enjoyed? Please leave a comment or give a \ud83d\udc4d!<\/b>\n
Continue reading<\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[31],"tags":[],"class_list":["post-1370","post","type-post","status-publish","format-standard","hentry","category-oud-en","item-wrap"],"yoast_head":"\nOUD failing with "Client requested protocol SSLv3 not enabled or not supported" - DBA - Rodrigo Jorge - Oracle Tips and Guides<\/title>\n<meta name=\"description\" content=\"How to resolve OUD failing with "Client requested protocol SSLv3 not enabled or not supported".\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.dbarj.com.br\/en\/2015\/03\/oracle-unified-directory-client-requested-protocol-sslv3-not-enabled-not-supported\/\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"DBA RJ\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"3 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.dbarj.com.br\\\/en\\\/2015\\\/03\\\/oracle-unified-directory-client-requested-protocol-sslv3-not-enabled-not-supported\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.dbarj.com.br\\\/en\\\/2015\\\/03\\\/oracle-unified-directory-client-requested-protocol-sslv3-not-enabled-not-supported\\\/\"},\"author\":{\"name\":\"DBA RJ\",\"@id\":\"https:\\\/\\\/www.dbarj.com.br\\\/en\\\/#\\\/schema\\\/person\\\/28a44ca3a6633fe4156ad1ea209d40a9\"},\"headline\":\"OUD failing with “Client requested protocol SSLv3 not enabled or not supported”\",\"datePublished\":\"2015-03-31T03:13:23+00:00\",\"dateModified\":\"2015-03-31T03:58:49+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.dbarj.com.br\\\/en\\\/2015\\\/03\\\/oracle-unified-directory-client-requested-protocol-sslv3-not-enabled-not-supported\\\/\"},\"wordCount\":207,\"publisher\":{\"@id\":\"https:\\\/\\\/www.dbarj.com.br\\\/en\\\/#\\\/schema\\\/person\\\/28a44ca3a6633fe4156ad1ea209d40a9\"},\"articleSection\":[\"Oracle Unified Directory\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.dbarj.com.br\\\/en\\\/2015\\\/03\\\/oracle-unified-directory-client-requested-protocol-sslv3-not-enabled-not-supported\\\/\",\"url\":\"https:\\\/\\\/www.dbarj.com.br\\\/en\\\/2015\\\/03\\\/oracle-unified-directory-client-requested-protocol-sslv3-not-enabled-not-supported\\\/\",\"name\":\"OUD failing with \\\"Client requested protocol SSLv3 not enabled or not supported\\\" - DBA - Rodrigo Jorge - Oracle Tips and Guides\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.dbarj.com.br\\\/en\\\/#website\"},\"datePublished\":\"2015-03-31T03:13:23+00:00\",\"dateModified\":\"2015-03-31T03:58:49+00:00\",\"description\":\"How to resolve OUD failing with \\\"Client requested protocol SSLv3 not enabled or not supported\\\".\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.dbarj.com.br\\\/en\\\/2015\\\/03\\\/oracle-unified-directory-client-requested-protocol-sslv3-not-enabled-not-supported\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.dbarj.com.br\\\/en\\\/2015\\\/03\\\/oracle-unified-directory-client-requested-protocol-sslv3-not-enabled-not-supported\\\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.dbarj.com.br\\\/en\\\/2015\\\/03\\\/oracle-unified-directory-client-requested-protocol-sslv3-not-enabled-not-supported\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.dbarj.com.br\\\/en\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"OUD failing with \\\"Client requested protocol SSLv3 not enabled or not supported\\\"\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.dbarj.com.br\\\/en\\\/#website\",\"url\":\"https:\\\/\\\/www.dbarj.com.br\\\/en\\\/\",\"name\":\"DBA - Rodrigo Jorge - Oracle Tips and Guides\",\"description\":\"Blog about Databases, Security and High Availability\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.dbarj.com.br\\\/en\\\/#\\\/schema\\\/person\\\/28a44ca3a6633fe4156ad1ea209d40a9\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.dbarj.com.br\\\/en\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":[\"Person\",\"Organization\"],\"@id\":\"https:\\\/\\\/www.dbarj.com.br\\\/en\\\/#\\\/schema\\\/person\\\/28a44ca3a6633fe4156ad1ea209d40a9\",\"name\":\"DBA RJ\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.dbarj.com.br\\\/wp-content\\\/uploads\\\/2019\\\/09\\\/RodrigoJorgePOUG19.png\",\"url\":\"https:\\\/\\\/www.dbarj.com.br\\\/wp-content\\\/uploads\\\/2019\\\/09\\\/RodrigoJorgePOUG19.png\",\"contentUrl\":\"https:\\\/\\\/www.dbarj.com.br\\\/wp-content\\\/uploads\\\/2019\\\/09\\\/RodrigoJorgePOUG19.png\",\"width\":712,\"height\":712,\"caption\":\"DBA RJ\"},\"logo\":{\"@id\":\"https:\\\/\\\/www.dbarj.com.br\\\/wp-content\\\/uploads\\\/2019\\\/09\\\/RodrigoJorgePOUG19.png\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"OUD failing with \"Client requested protocol SSLv3 not enabled or not supported\" - DBA - Rodrigo Jorge - Oracle Tips and Guides","description":"How to resolve OUD failing with \"Client requested protocol SSLv3 not enabled or not supported\".","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.dbarj.com.br\/en\/2015\/03\/oracle-unified-directory-client-requested-protocol-sslv3-not-enabled-not-supported\/","twitter_misc":{"Written by":"DBA RJ","Est. reading time":"3 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.dbarj.com.br\/en\/2015\/03\/oracle-unified-directory-client-requested-protocol-sslv3-not-enabled-not-supported\/#article","isPartOf":{"@id":"https:\/\/www.dbarj.com.br\/en\/2015\/03\/oracle-unified-directory-client-requested-protocol-sslv3-not-enabled-not-supported\/"},"author":{"name":"DBA RJ","@id":"https:\/\/www.dbarj.com.br\/en\/#\/schema\/person\/28a44ca3a6633fe4156ad1ea209d40a9"},"headline":"OUD failing with “Client requested protocol SSLv3 not enabled or not supported”","datePublished":"2015-03-31T03:13:23+00:00","dateModified":"2015-03-31T03:58:49+00:00","mainEntityOfPage":{"@id":"https:\/\/www.dbarj.com.br\/en\/2015\/03\/oracle-unified-directory-client-requested-protocol-sslv3-not-enabled-not-supported\/"},"wordCount":207,"publisher":{"@id":"https:\/\/www.dbarj.com.br\/en\/#\/schema\/person\/28a44ca3a6633fe4156ad1ea209d40a9"},"articleSection":["Oracle Unified Directory"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.dbarj.com.br\/en\/2015\/03\/oracle-unified-directory-client-requested-protocol-sslv3-not-enabled-not-supported\/","url":"https:\/\/www.dbarj.com.br\/en\/2015\/03\/oracle-unified-directory-client-requested-protocol-sslv3-not-enabled-not-supported\/","name":"OUD failing with \"Client requested protocol SSLv3 not enabled or not supported\" - DBA - Rodrigo Jorge - Oracle Tips and Guides","isPartOf":{"@id":"https:\/\/www.dbarj.com.br\/en\/#website"},"datePublished":"2015-03-31T03:13:23+00:00","dateModified":"2015-03-31T03:58:49+00:00","description":"How to resolve OUD failing with \"Client requested protocol SSLv3 not enabled or not supported\".","breadcrumb":{"@id":"https:\/\/www.dbarj.com.br\/en\/2015\/03\/oracle-unified-directory-client-requested-protocol-sslv3-not-enabled-not-supported\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.dbarj.com.br\/en\/2015\/03\/oracle-unified-directory-client-requested-protocol-sslv3-not-enabled-not-supported\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/www.dbarj.com.br\/en\/2015\/03\/oracle-unified-directory-client-requested-protocol-sslv3-not-enabled-not-supported\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.dbarj.com.br\/en\/"},{"@type":"ListItem","position":2,"name":"OUD failing with \"Client requested protocol SSLv3 not enabled or not supported\""}]},{"@type":"WebSite","@id":"https:\/\/www.dbarj.com.br\/en\/#website","url":"https:\/\/www.dbarj.com.br\/en\/","name":"DBA - Rodrigo Jorge - Oracle Tips and Guides","description":"Blog about Databases, Security and High Availability","publisher":{"@id":"https:\/\/www.dbarj.com.br\/en\/#\/schema\/person\/28a44ca3a6633fe4156ad1ea209d40a9"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.dbarj.com.br\/en\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":["Person","Organization"],"@id":"https:\/\/www.dbarj.com.br\/en\/#\/schema\/person\/28a44ca3a6633fe4156ad1ea209d40a9","name":"DBA RJ","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.dbarj.com.br\/wp-content\/uploads\/2019\/09\/RodrigoJorgePOUG19.png","url":"https:\/\/www.dbarj.com.br\/wp-content\/uploads\/2019\/09\/RodrigoJorgePOUG19.png","contentUrl":"https:\/\/www.dbarj.com.br\/wp-content\/uploads\/2019\/09\/RodrigoJorgePOUG19.png","width":712,"height":712,"caption":"DBA RJ"},"logo":{"@id":"https:\/\/www.dbarj.com.br\/wp-content\/uploads\/2019\/09\/RodrigoJorgePOUG19.png"}}]}},"_links":{"self":[{"href":"https:\/\/www.dbarj.com.br\/en\/wp-json\/wp\/v2\/posts\/1370","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.dbarj.com.br\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.dbarj.com.br\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.dbarj.com.br\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.dbarj.com.br\/en\/wp-json\/wp\/v2\/comments?post=1370"}],"version-history":[{"count":0,"href":"https:\/\/www.dbarj.com.br\/en\/wp-json\/wp\/v2\/posts\/1370\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.dbarj.com.br\/en\/wp-json\/wp\/v2\/media?parent=1370"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.dbarj.com.br\/en\/wp-json\/wp\/v2\/categories?post=1370"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.dbarj.com.br\/en\/wp-json\/wp\/v2\/tags?post=1370"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}