This is coming from Support.
In the article detailing how to set up LDAP, there is a section that describes how to set up your LDAP directory in SSL mode. (https://help.liferay.com/hc/en-us/articles/360017896112-LDAP-#security)
Because of changes made in Java1.8u181 (https://www.oracle.com/technetwork/java/javase/8u181-relnotes-4479407.html), endpoint identification algorithms have been enabled by default. This can cause "applications that were previously able to successfully connect to an LDAPS server to no longer be able to do so." According to Oracle, to remedy this, you can add the following system property to your setenv.sh/bat file.