Nov 28, 2016, 11:15 AM

There are no errors shown in that log, and those are server-side messages, not client-side.

  • Category: Domino Server
  • Platform: Windows
  • Release: 9.0.1
These lines...

[040C:000F-0A8C] 23.11.2016 15:18:02,29 SSLProcessClientHello> Processing TLS signature algorithms extension

[040C:000F-0A8C] 23.11.2016 15:18:02,29 SSLProcessClientHello> Client supports hash mask 0x007C; server cert chain has mask 0x0010

...indicate that your server's certificate chain only uses one hash algorithm, and that algorithm is supported by the connecting client.

This also does not indicate an error...

[040C:000F-0A8C] 23.11.2016 15:18:02,29 SSLProcessHandshakeMessage Exit> Message: ClientHello (1) State: HandshakeServerIdle (3) Key Exchange: 15 Cipher: ECDHE_RSA_WITH_AES_256_GCM_SHA384 (0xC030)

... nor does this line:

[040C:000F-0A8C] 23.11.2016 15:18:02,36 int_MapSSLError> Mapping SSL error -5000 to 4176 [SSLHandshakeNoDone]

"SSLHandshakeNoDone" just means that the handshake hasn't completed yet.

However, I note that you also stated, "When trying to connect from the Domino Server, we get the following error". The trace that you included is a server-side trace, not a client-side trace, so it isn't related to the Domino server connecting as an SSL/TLS client outbound over LDAP to an AD server. The sequence of messages that you're looking for would start with "SSLEncodeClientHello", not "SSLProcessClientHello".
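
The triage described in the reply above, as an added example that is not part of the original post and is not HCL/IBM code: it reads Domino SSL trace lines, reports which side of the handshake the trace covers, and classifies the hash-mask and mapped-error lines. The function name `analyze`, the regular expressions, and the reading of the masks as one bit per hash algorithm are assumptions inferred from the lines quoted in the post.

```python
import re

# Constructed sample: the four trace lines quoted in the post above.
SAMPLE = """\
[040C:000F-0A8C] 23.11.2016 15:18:02,29 SSLProcessClientHello> Processing TLS signature algorithms extension
[040C:000F-0A8C] 23.11.2016 15:18:02,29 SSLProcessClientHello> Client supports hash mask 0x007C; server cert chain has mask 0x0010
[040C:000F-0A8C] 23.11.2016 15:18:02,29 SSLProcessHandshakeMessage Exit> Message: ClientHello (1) State: HandshakeServerIdle (3) Key Exchange: 15 Cipher: ECDHE_RSA_WITH_AES_256_GCM_SHA384 (0xC030)
[040C:000F-0A8C] 23.11.2016 15:18:02,36 int_MapSSLError> Mapping SSL error -5000 to 4176 [SSLHandshakeNoDone]
"""

# [ids] date time Function[ Exit]> message
LINE = re.compile(r"^\[[0-9A-F:\-]+\]\s+\S+\s+\S+\s+(\w+)(?: Exit)?>\s*(.*)$")
MASKS = re.compile(r"Client supports hash mask (0x[0-9A-Fa-f]+); "
                   r"server cert chain has mask (0x[0-9A-Fa-f]+)")
MAPPED = re.compile(r"Mapping SSL error (-?\d+) to (\d+) \[(\w+)\]")

def analyze(trace):
    """Return the handshake role(s) seen in the trace and per-line findings."""
    roles, findings = set(), []
    for raw in trace.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        func, msg = m.groups()
        if func == "SSLProcessClientHello":
            roles.add("server")    # Domino received a ClientHello (inbound)
        elif func == "SSLEncodeClientHello":
            roles.add("client")    # Domino built a ClientHello (outbound)
        h = MASKS.search(msg)
        if h:
            client, chain = int(h.group(1), 16), int(h.group(2), 16)
            # Assumption: one bit per hash algorithm, so every bit used by
            # the certificate chain must also be set in the client's mask.
            ok = (chain & ~client) == 0
            findings.append(("hash_mask", "ok" if ok else "mismatch"))
        e = MAPPED.search(msg)
        if e:
            name = e.group(3)
            # Per the post, SSLHandshakeNoDone only means "not finished yet".
            state = "in_progress" if name == "SSLHandshakeNoDone" else "review"
            findings.append((name, state))
    return {"roles": sorted(roles), "findings": findings}

if __name__ == "__main__":
    print(analyze(SAMPLE))
```

A result with `roles` equal to `["server"]` means the trace does not cover the outbound LDAP connection at all, which is the point the reply makes.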