Bug description

AM6.0.0.x is unable to connect to a DS6 production mode directory using latest JDK8 (> u192)

How to reproduce the issue

1. Setup an external DS6 production mode directory
2. Import the SSL cert to the AM JDK truststore
3. Configure AM 6.0.0.x with a new DataStore (LDAPS)
4. Check the Admin page for the Identities
5. If using JDK 8 < update 192 it works but after JDK 8u192 things break
6. AM6.5/6.5.1 is not affected (due to use of DS6.5 libraries)

Expected behaviour

Identities can be seen

Current behaviour

No identities seen

This issue is not seen on AM6.5.0 and AM 6.5.1

Work around

Add more ciphers to the DJ server (ie: mostly non TLSv1.2 ciphers)
It seems that the TLSv1.2 protocol is not working and so one may need to
ensure TLSv1.1 ciphers needs to be available. It seems the ECDH*-GCM is not available with the DJ client and so adding some ECDHE*RSA*CBC will help.

It seems TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA seems to work (to add to the LDAPS ciphers needed)

The same system work before JDK8u192 and so a rollback to use earlier JDK version is also possible also

Code analysis

When in production mode the set of DJ server cipher suites are

supportedTLSCiphers: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
supportedTLSCiphers: TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
supportedTLSCiphers: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
supportedTLSCiphers: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384

but from trace the LDAP client does not have these set of ciphers.

This is causes by OPENDJ-5553 (or a related fix from this may be needed) and AM 6.0.x uses DJ6.0.0.x which have this issue.
This issue is related to be seen also in OPENAM-14669. Note that OPENAM-14669 does not resolve this as it is applies to ssoadm but the same issue arises.