Endpoint Connection Error - Unsupported curveId: 29
search cancel

Endpoint Connection Error - Unsupported curveId: 29


Article ID: 239943


Updated On:


CA Identity Suite CA Identity Manager


Attempting to acquire a JNDI (DYN) Connector endpoint (MS LDS on Windows 2016) fails with the error Unsupported curveId:29


Identity Manager


The unsupported curveid error was happening because the client and server could not negotiate on a cipher to use which is available on both sides.


Checked the Windows registry in the following location to determine the JVM/JDK being used by the Java Connector Server (JCS):

HKLM\SOFTWARE\Wow6432Node\ComputerAssociates\Identity Manager\Procrun 2.0\im_jcs\Parameters\Java

Modified the lib\security\java.security file for that JDK/JVM such that these two lines:

jdk.certpath.disabledAlgorithms=MD2, RSA keySize < 1024
jdk.tls.disabledAlgorithms=SSLv3,ECDH, ECDHE, RC4, DH keySize < 768

Now read as these two instead:

jdk.certpath.disabledAlgorithms=MD2,MD5, RSA keySize < 1024
jdk.tls.disabledAlgorithms=SSLv3, RC4,MD5withRSA, DH keySize < 768

Restarted the Java Connector Server (JCS)