Error Message

ERROR [ui.auth.SecurityFilter] (https-jsse-nio2-443-exec-25:[]) [#80003] Unexpected error  com.teneo.esa.common.exception.TeneoException: [#320000] Cant connect to LDAP server.at com.teneo.esa.ui.auth.LDAP.authenticate(LDAP.java:296) ~[testclasses/:?]

• CCJ v3.0.2 was FIPS-140-2 validated and supported TLS/LDAPS indirectly as part of its integrated crypto services.

• CCJ v4.0.0 is FIPS-140-3 validated and has a redefined module boundary.

• Under the FIPS-140-3 definition, the module only provides cryptographic primitives (e.g., encryption/decryption, hashing, key derivation, RNG) and does not include complete protocol implementations such as TLS or LDAPS.

• LDAPS requires a full TLS stack for handshakes and encryption. Since TLS is no longer part of the approved module’s API, it must be implemented externally (e.g., by the JVM’s JSSE or another FIPS-capable provider) while still using CCJ for the underlying crypto operations.

1.  On the eDiscovery server in question, stop eDP services using the CW Utility, #3 on the Desktop.
2.  Take a backup copy of the file C:\\\jre\lib\security\java.security  (See Figure 1).
3.  Open the java.security with an editor like Notepad.
4. Add this line at the bottom of the file: org.bouncycastle.jsse.fips.allowRSAKeyExchange=true
5. Click on File>Save and close the file.
6. Restart eDP services using the CW Utility, #4. 

Figure 1.