The problem with error reporting here was obviously on the server side, not the client.
Sceptical Meerkat

I agree that from a protocol level, the client acted appropriately. It would just be nice if the reason for failure was somehow propagated back to the user. I don’t know if this is a shortcoming of the TLS protocol for not providing a way of sending an error message/code, OpenLDAP (or the underlying SSL library) for not populating the error message, or the Java SSL library for not correctly logging or turning that error message into an exception.

Like what you read? Give Jon Peterson a round of applause.
