Intermittent LDAPS connection resets since 2012R2 upgrade from Server 2008


I'm hoping someone has come across this issue....

How do I ensure a particular cipher suite is not being used from my webapp (RHEL + Tomcat + OpenJDK 11.0.4) to an LDAPS Domain Controller?

We don't allow the cipher in our server.xml file, but the LDAPS connection from the DC does offer it in its list - DHE-RSA-AES256-GCM-SHA384 - and negotiates the connection over that cipher.

I have added DHE-RSA-AES256-GCM-SHA384 to jdk.tls.disabledAlgorithms within the file but still the session negotiates over that cipher.

Since the AD team upgraded from Server 2008 to 2012R2, we have noticed intermittent connection resets over LDAPS only, and only when that cipher is being used.
LDAP works fine and LDAPS to 2008 works fine.
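Two things are worth checking on the client side before looking at the DC. First, the cipher list in Tomcat's server.xml applies only to Tomcat's own listening connectors; an outbound JNDI LDAPS connection uses the JVM's JSSE defaults (java.security, or a custom socket factory set through java.naming.ldap.factory.socket). Second, JSSE does not use OpenSSL suite names: the suite OpenSSL calls DHE-RSA-AES256-GCM-SHA384 is TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 in Java, and jdk.tls.disabledAlgorithms matches either the full JSSE name or a component such as DHE. The program below is an added example, not code from the original post, that reports which DHE suites a fresh SSLContext still enables after a given token has been appended to jdk.tls.disabledAlgorithms. It assumes OpenJDK 11 with the built-in SunJSSE provider and no -Djava.security.properties override; the class name DisabledSuiteCheck is my own.

```java
import java.security.Security;
import java.util.ArrayList;
import java.util.List;
import javax.net.ssl.SSLContext;

/*
 * Added example (not from the original post). Shows which DHE cipher suites
 * JSSE still enables after a token is appended to jdk.tls.disabledAlgorithms.
 * Assumes OpenJDK 11 / SunJSSE. Run it once per token to compare:
 *
 *   java DisabledSuiteCheck                                        # baseline
 *   java DisabledSuiteCheck DHE-RSA-AES256-GCM-SHA384              # OpenSSL name: not a JSSE token
 *   java DisabledSuiteCheck TLS_DHE_RSA_WITH_AES_256_GCM_SHA384    # exactly this suite removed
 *   java DisabledSuiteCheck DHE                                    # every DHE_* suite removed
 */
public class DisabledSuiteCheck {

    /* JSSE name of the suite that OpenSSL prints as DHE-RSA-AES256-GCM-SHA384. */
    static final String TARGET = "TLS_DHE_RSA_WITH_AES_256_GCM_SHA384";

    /*
     * Appends a token to jdk.tls.disabledAlgorithms. JSSE reads the property once,
     * when its constraint classes are first loaded, so this has to run before any
     * SSLContext or SSLSocketFactory is touched in the JVM. For Tomcat, put the
     * change in $JAVA_HOME/conf/security/java.security (or a file passed with
     * -Djava.security.properties=...) rather than in code.
     */
    static void appendDisabled(String token) {
        String current = Security.getProperty("jdk.tls.disabledAlgorithms");
        Security.setProperty("jdk.tls.disabledAlgorithms",
                (current == null || current.isEmpty()) ? token : current + ", " + token);
    }

    /* Default enabled suites of a freshly initialised context, filtered to DHE key exchange. */
    static List<String> enabledDheSuites() throws Exception {
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, null, null); // default key/trust managers; no network access
        List<String> dhe = new ArrayList<>();
        for (String suite : ctx.getDefaultSSLParameters().getCipherSuites()) {
            if (suite.contains("_DHE_")) {
                dhe.add(suite);
            }
        }
        return dhe;
    }

    public static void main(String[] args) throws Exception {
        if (args.length > 0) {
            appendDisabled(args[0]); // must happen before enabledDheSuites()
        }
        System.out.println("jdk.tls.disabledAlgorithms = "
                + Security.getProperty("jdk.tls.disabledAlgorithms"));
        List<String> dhe = enabledDheSuites();
        System.out.println(TARGET + " enabled: " + dhe.contains(TARGET));
        System.out.println("enabled DHE suites: " + dhe);
    }
}
```

The OpenSSL-style token leaves the list unchanged because JSSE compares the disabled entry against the full JSSE suite name and its components (DHE, RSA, AES_256_GCM, SHA384 and so on), none of which equal "DHE-RSA-AES256-GCM-SHA384". To confirm what the running webapp actually negotiates with the DC, start Tomcat with -Djavax.net.debug=ssl:handshake and look for the ServerHello's cipher suite in the output.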