Problem
After upgrading to V10.3.1 or higher, the previously working LDAPS configuration no longer works. A user attempting to log in is met with a spinning wheel at the login prompt.
Error Message
ERROR [ui.auth.SecurityFilter] (https-jsse-nio2-443-exec-25:[]) [#80003] Unexpected error com.teneo.esa.common.exception.TeneoException: [#320000] Cant connect to LDAP server.at com.teneo.esa.ui.auth.LDAP.authenticate(LDAP.java:296) ~[testclasses/:?]
Cause
CCJ v3.0.2 was FIPS-140-2 validated and supported TLS/LDAPS indirectly as part of its integrated crypto services.
CCJ v4.0.0 is FIPS-140-3 validated and has a redefined module boundary.
Under the FIPS-140-3 definition, the module only provides cryptographic primitives (e.g., encryption/decryption, hashing, key derivation, RNG) and does not include complete protocol implementations such as TLS or LDAPS.
LDAPS requires a full TLS stack for handshakes and encryption. Since TLS is no longer part of the approved module’s API, it must be implemented externally (e.g., by the JVM’s JSSE or another FIPS-capable provider) while still using CCJ for the underlying crypto operations.
Solution
- On the eDiscovery server in question, stop eDP services using the CW Utility, #3 on the Desktop.
- Take a backup copy of the file C:\<jdk-8uNNN-windows-x64>\<jdk1.8.0_NNN>\jre\lib\security\java.security (see Figure 1).
- Open the java.security with an editor like Notepad.
- Add this line at the bottom of the file: org.bouncycastle.jsse.fips.allowRSAKeyExchange=true
- Click File > Save and close the file.
- Restart eDP services using the CW Utility, #4.
Figure 1.
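The edit above can be applied by script instead of Notepad. The following is an added example, not part of the original article: it backs up java.security and sets the property exactly once, so re-running it does not leave duplicate or conflicting definitions. The path and backup name are assumptions; the property name and value are the ones the article gives.

```python
"""Idempotently set a property in a JDK java.security file (added example)."""
import re
import shutil
from pathlib import Path

PROPERTY = "org.bouncycastle.jsse.fips.allowRSAKeyExchange"  # from the article
VALUE = "true"


def set_security_property(text: str, key: str, value: str) -> str:
    """Return java.security contents with key=value present exactly once.

    An existing active line 'key = value' (whitespace around '=' optional)
    is rewritten in place; a commented-out line ('#key=...') is left alone;
    if the key is absent the line is appended at the end, as the article says.
    """
    pattern = re.compile(r"^[ \t]*" + re.escape(key) + r"[ \t]*=.*$", re.MULTILINE)
    new_line = f"{key}={value}"
    if pattern.search(text):
        # Rewrite every active occurrence so no conflicting definition remains.
        return pattern.sub(new_line, text)
    if text and not text.endswith("\n"):
        text += "\n"
    return text + new_line + "\n"


def apply_fix(java_security: Path) -> Path:
    """Back up java.security (assumed name: java.security.bak) and update it.

    Note: allowing RSA key exchange re-enables TLS cipher suites that have no
    forward secrecy; confirm that is acceptable for this server before use.
    """
    backup = java_security.with_name(java_security.name + ".bak")
    shutil.copy2(java_security, backup)
    original = java_security.read_text(encoding="utf-8")
    updated = set_security_property(original, PROPERTY, VALUE)
    java_security.write_text(updated, encoding="utf-8")
    return backup


if __name__ == "__main__":
    # Assumed path; adjust NNN to the installed JDK 8 update number.
    jre_security = Path(r"C:\jdk1.8.0_NNN\jre\lib\security\java.security")
    print("backup written to", apply_fix(jre_security))
```

Stop eDP services before running it and restart them afterwards, exactly as in the steps above.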
