By Sylvain Duloutre on Feb 12, 2015
Starting with the January 20, 2015 Critical Patch Update releases (JDK 8u31, JDK 7u75, JDK 6u91 and above) the Java Runtime Environment has SSLv3 disabled by default. More details about this change is available at http://www.oracle.com/technetwork/java/javase/documentation/cve-2014-3566-2342133.html
Any attempt to connect to OUD with SSLv3 after applying the Java update above will fail with the error message below in the access logs:
[09/Feb/2015:12:51:48 +0100] DISCONNECT conn=102 reason="I/O Error" msg="Client requested protocol SSLv3 not enabled or not supported" [09/Feb/2015:12:51:48 +0100] CONNECT conn=102 from=****:14123 to=****:1636 protocol=LDAPS
For testing purpose only, a procedure to re-enable SSLv3 is described in http://www.oracle.com/technetwork/java/javase/documentation/cve-2014-3566-2342133.html howewer it is time to identify the LDAP client culprit and apply the appropriate security fix so that it uses TLS.