3060371 - ASE ldaps fails to connect - SAP ASE

Symptom

ASE ldaps connection fails, but is successful with other versions of ASE with the same configuration:
sectrace.ini (KBA# 2743343)
[SSL ][ 7] Cli-0000000B: ClientHello: Offering protocol version 3.0 (SSLv3)
[SSL ][ 7] Cli-0000000B: ClientHello: no session resumption requested (empty session ID)
[SSL ][ 7] Cli-0000000B: Summary: Offering 8 cipher suite(s) and SCSV(s):
[SSL ][ 7] < 0> : TLS_RSA_WITH_AES128_CBC_SHA
[SSL ][ 7] < 1> : TLS_RSA_WITH_AES256_CBC_SHA
[SSL ][ 7] < 2> : TLS_RSA_WITH_3DES_EDE_CBC_SHA
[SSL ][ 7] < 3> : TLS_RSA_WITH_RC4_128_SHA
[SSL ][ 7] < 4> : TLS_RSA_WITH_RC4_128_MD5
[SSL ][ 7] < 5> : TLS_RSA_WITH_NULL_SHA
[SSL ][ 7] < 6> : TLS_RSA_WITH_NULL_MD5
[SSL ][ 7] < 7> : Signaling cipher suite value (SCSV) secure renegotiation (RFC5746)
[SSL ][ 7] Cli-0000000D: ClientHello.compression_methods.size: 1
[SSL ][ 7] Cli-0000000D: ClientHello.compression_methods<0> = 0, NULL compression.
[SSL ][ 7] Cli-0000000D: Writing ClientHello extensions at offset 0x3b
[SSL ][ 7] Cli-0000000D: No ClientHello extensions were written
[SSL ][ 7] Cli-0000000D: Sending SSLv3/TLS ClientHello
[SSL ][ 7] Cli-0000000D: Function ssl3_write_pending returning 59. OK
[SSL ][ 7] Cli-0000000D: Function ssl3_finish_mac returning 0. OK
[SSL ][ 7] Cli-0000000D: Function ssl3_write_bytes returning 59. OK
[SSL ][ 7] Cli-0000000D: Function ssl3_do_write returning 1. OK
[SSL ][ 7] Cli-0000000D: Function ssl3_client_hello successfully returns 1.
[TLSOLDAP ][ 7] BIO read error: 0x000000e8
[SSL ][ 7] Cli-0000000D: Function ssl3_read_n returning -1.
[SSL ][ 7] Cli-0000000D: Function ssl3_get_record returning -1.
[SSL ][ 7] Cli-0000000D: ssl3_part_read returned '0xffffffff'
[SSL ][ 7] Cli-0000000D: Function ssl3_part_read returning -1.
[SSL ][ 7] Cli-0000000D: Function ssl3_get_message returning -1.
[SSL ][ 7] Cli-0000000D: Function ssl3_get_server_hello returning -1.
[SSL ][ 7] Cli-0000000D: Function ssl3_connect returning -1.
[SSL ][ 7] Cli-0000000D: Error 0xFFFFFFFF:
[SSL ][ 7] Unknown error
[SSL ][ 7] SSL3 client handshake failed

ASE log "dbcc traceon(3635, 3637)"
kernel ulauthreq(): entered.
kernel klbindfunc(c000000383cf8ba0)
kernel Binding to primary('NULL', '********', 'NULL', 'ldaps://ldaphost:636/')
kernel klbind() entry, authname NULL, password ********, searchname NULL, ldapurl ldaps://ldaphost:636/, distnamebuf c000000383cf7d90, distnamesize 68, distnamesfound c000000383cf9178, aeiv c000000383cf9210
kernel klbind: StartTLS is set to 'true'
kernel Display parsed ldap url 'ldaps://ldaphost:636/':
kernel host: ldaphost
kernel port: 636
kernel search base:
kernel No attributes in URL
kernel scope: base (0)
kernel no filter in URL
kernel attempting to set protocol to LDAP_VERSION3.
kernel Authenticating: dn="CN=Admin,DC=realm,DC=com" password="********"
kernel ldap_set_option(LDAP_OPT_NETWORK_TIMEOUT) server connection timeout 10000 millisecs
kernel attempting to set LDAP Server search timeout 10 secs
kernel ldap_simple_bind failed, error, -1 [Can't contact LDAP server]
kernel Failed to authenticate: dn="CN=Admin,DC=realm,DC=com", ldap error Can't contact LDAP server.
kernel klbind: RETRY_ATTEMPT: 1
kernel ldap_simple_bind failed, error, -1 [Can't contact LDAP server]
kernel Failed to authenticate: dn="CN=Admin,DC=realm,DC=com", ldap error Can't contact LDAP server.

Environment

SAP Adaptive Server Enterprise (ASE) Software Developer Kit (SDK) 16.0 SP03 PL03

Product

SAP Adaptive Server Enterprise 16.0 ; SAP Adaptive Server Enterprise SDK 16.0

Keywords

CR# 814574, CR#814574, CR814574, ldaps, ldap, encryption, ssl, tls, connect, conn, active directory, openldap , KBA , BC-SYB-ASE , Sybase ASE Database Platform (non Business Suite) , BC-SYB-SDK , SDK , Known Error

About this page

This is a preview of a SAP Knowledge Base Article. Click more to access the full version on SAP for Me (Login required).

Search for additional results

Visit SAP Support Portal's SAP Notes and KBA Search.