search cancel

Endpoint Connection Error - Unsupported curveId: 29

book

Article ID: 239943

calendar_today

Updated On:

Products

CA Identity Suite CA Identity Manager

Issue/Introduction

Attempting to acquire a JNDI (DYN) Connector endpoint (MS LDS on Windows 2016) fails with the error Unsupported curveId:29

Cause

The unsupported curveid error was happening because the client and server could not negotiate on a cipher to use which is available on both sides.

Environment

Identity Manager

Resolution

Checked the Windows registry in the following location to determine the JVM/JDK being used by the Java Connector Server (JCS):

HKLM\SOFTWARE\Wow6432Node\ComputerAssociates\Identity Manager\Procrun 2.0\im_jcs\Parameters\Java

Modified the lib\security\java.security file for that JDK/JVM such that these two lines:

jdk.certpath.disabledAlgorithms=MD2, RSA keySize < 1024
jdk.tls.disabledAlgorithms=SSLv3,ECDH, ECDHE, RC4, DH keySize < 768

Now read as these two instead:

jdk.certpath.disabledAlgorithms=MD2,MD5, RSA keySize < 1024
jdk.tls.disabledAlgorithms=SSLv3, RC4,MD5withRSA, DH keySize < 768

Restarted the Java Connector Server (JCS)