DB2 SSL Handshake Connection Error

Prashant Gandhi

Apr 11, 2024, 11:35:16 AM
to vert.x
Hi,

We have been trying to connect to Mainframe DB2 using SSL connectivity, but haven't had any success yet. Mainframe DB2 connectivity using SSL is working fine with the normal com.ibm.db2.jcc.DB2BaseDataSource driver. But our requirement is to use a reactive DB2 driver, and that's why we chose Vert.x. We are using the same certificate which we used for the normal jcc driver connectivity.

Below is the ServerHello log from my local machine:
========================================
javax.net.ssl|DEBUG|13|vert.x-eventloop-thread-0|2024-04-10 14:59:25.313 EDT|SSLEngineInputRecord.java:214|READ: TLSv1.2 handshake, length = 122
javax.net.ssl|DEBUG|13|vert.x-eventloop-thread-0|2024-04-10 14:59:25.315 EDT|ServerHello.java:867|Consuming ServerHello handshake message (
"ServerHello": {
  "server version"      : "TLSv1.2",
  "random"              : "C3 3D 72 E9 13 AC C5 C5 77 A4 81 95 F7 71 40 46 8E 0B 15 19 73 92 F3 90 0B 4C 75 E7 48 43 BD 36",
  "session id"          : "7A 4A 7E CC 2D 6D 02 5A 4F 80 B9 DA 5D 3B 68 45 F1 B6 7B 3F 84 77 BF E2 D8 27 94 06 4D 30 D2 A9",
  "cipher suite"        : "TLS_AES_256_GCM_SHA384(0x1302)",
  "compression methods" : "00",
  "extensions"          : [
    "supported_versions (43)": {
      "selected version": [TLSv1.3]
    },
    "key_share (51)": {
      "server_share": {
        "named group": x25519
        "key_exchange": {
          0000: 22 AF 76 CD AB C6 8B A8   CE 70 DD 12 B4 17 98 A4  ".v......p......
          0010: 04 63 2B F0 64 39 25 B4   F9 B8 E0 8C 82 B3 B2 27  .c+.d9%........'
        }
      },
    }
  ]
}
)
===============================
Below is the remaining log from my local machine:
===============================
javax.net.ssl|ALL|13|vert.x-eventloop-thread-0|2024-04-10 14:59:25.418 EDT|SSLEngineImpl.java:760|Closing outbound of SSLEngine
javax.net.ssl|WARNING|13|vert.x-eventloop-thread-0|2024-04-10 14:59:25.419 EDT|SSLEngineOutputRecord.java:182|outbound has closed, ignore outbound application data
javax.net.ssl|DEBUG|13|vert.x-eventloop-thread-0|2024-04-10 14:59:25.419 EDT|SSLEngineOutputRecord.java:529|WRITE: TLSv1.3 alert, length = 2
javax.net.ssl|DEBUG|13|vert.x-eventloop-thread-0|2024-04-10 14:59:25.420 EDT|SSLCipher.java:2062|Plaintext before ENCRYPTION (
  0000: 01 00 15 00 00 00 00 00   00 00 00 00 00 00 00 00  ................
  0010: 00 00 00                                           ...
)
javax.net.ssl|DEBUG|13|vert.x-eventloop-thread-0|2024-04-10 14:59:25.420 EDT|SSLEngineOutputRecord.java:550|Raw write (
  0000: 17 03 03 00 23 BE 26 39   EE E9 49 17 AA DC 68 E6  ....#.&9..I...h.
  0010: E3 12 D7 CD 18 9F D2 05   34 3A 8B D1 31 16 4E 59  ........4:..1.NY
  0020: 48 26 C6 EF D1 C6 AA 1E                            H&......
)
Failure: The connection was closed by the database server., SQLCODE=-4499  SQLSTATE=08004.C.3
==================================
On the DB2 side, the logs show the below error for ServerHello:
==========================================
Supported Version length: 3
     [Expert Info (Error/Malformed): Vector length 3 is too large, truncating it to 1]]
          [Vector length 3 is too large, truncating it to 1]
          [Severity level: Error]
          [Group: Malformed]
===============================================

Our Mainframe DB2 support guys are saying there may be a configuration issue.

Below is my Java code:
===================
// Imports needed by this snippet
import io.vertx.core.Vertx;
import io.vertx.core.net.JksOptions;
import io.vertx.db2client.DB2Builder;
import io.vertx.db2client.DB2ConnectOptions;
import io.vertx.sqlclient.PoolOptions;
import io.vertx.sqlclient.Row;
import io.vertx.sqlclient.RowSet;
import io.vertx.sqlclient.SqlClient;
import java.util.Iterator;
import java.util.Set;

public static void main(String[] args) throws Exception {
    connectSsl(Vertx.vertx());
}

public static void connectSsl(Vertx vertx) {

    //System.setProperty("javax.net.debug", "ssl:handshake");
    DB2ConnectOptions options = (DB2ConnectOptions) new DB2ConnectOptions()
        .setPort(XXXXXX)
        .setHost("XXXXXX")
        .setDatabase("XXXXXX")
        .setSsl(true)
        .addEnabledSecureTransportProtocol("TLSv1.2")
        .setTrustAll(true)
        .setTrustStoreOptions(new JksOptions()
            .setPath("<Path to .jks file>")
            .setPassword("XXXXXX"));

    Set<String> ciphers = options.getEnabledCipherSuites(); // We are getting cipher size = 0, so it will not print any CipherSuites
    Iterator<String> ciphersIterator = ciphers.iterator();
    while (ciphersIterator.hasNext()) {
        System.out.println("CipherSuites - " + ciphersIterator.next());
    }

    PoolOptions poolOptions = new PoolOptions()
        .setMaxSize(5);

    SqlClient sc = DB2Builder.client().with(poolOptions).connectingTo(options).using(vertx).build();

    sc
        .query("SELECT XXX, XXX FROM XXXXXX.XXXXXXXXXX WHERE XXXX='XXXX'")
        .execute()
        .onComplete(ar -> {
            if (ar.succeeded()) {
                RowSet<Row> result = ar.result();
                System.out.println("Got " + result.size() + " rows ");
            } else {
                System.out.println("Failure: " + ar.cause().getMessage());
            }
            // Now close the pool
            sc.close();
        });

}
=================================

Am I missing anything here? What configuration am I missing here?
Please suggest the solution as it's critical for the project development.

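The ServerHello in the post shows TLSv1.3 selected even though the posted options call `addEnabledSecureTransportProtocol("TLSv1.2")`. That call adds to the enabled protocol set rather than replacing it, and `setTrustAll(true)` leaves the trust store unused. The following is an added example, not part of the original post and not a confirmed fix for the DB2-side error. It compares the posted TLS settings with a TLS 1.2-only, certificate-validating variant, assuming Vert.x 4.5.x; the class name, method names and sample values are hypothetical.

```java
import io.vertx.core.net.JksOptions;
import io.vertx.db2client.DB2ConnectOptions;

import java.util.LinkedHashSet;
import java.util.List;
import java.util.TreeSet;

// Added example (hypothetical names); assumes the Vert.x 4.5.x options API.
public class Db2TlsProtocolCheck {

    // TLS settings as in the posted code: TLSv1.2 is added to the defaults.
    static DB2ConnectOptions asPosted(String jksPath, String jksPassword) {
        DB2ConnectOptions options = new DB2ConnectOptions();
        options.setSsl(true);
        options.addEnabledSecureTransportProtocol("TLSv1.2");
        options.setTrustAll(true); // server certificate is not validated
        options.setTrustStoreOptions(
            new JksOptions().setPath(jksPath).setPassword(jksPassword));
        return options;
    }

    // Variant: offer only TLSv1.2 and validate the server against the trust store.
    static DB2ConnectOptions tls12Only(String jksPath, String jksPassword) {
        DB2ConnectOptions options = new DB2ConnectOptions();
        options.setSsl(true);
        // Replace the enabled set instead of adding to it.
        options.setEnabledSecureTransportProtocols(
            new LinkedHashSet<>(List.of("TLSv1.2")));
        options.setTrustAll(false); // the trust store below is now consulted
        options.setTrustStoreOptions(
            new JksOptions().setPath(jksPath).setPassword(jksPassword));
        return options;
    }

    public static void main(String[] args) {
        // Constructed sample values; nothing is opened or connected here.
        String jks = "/path/to/truststore.jks";
        String pw = "changeit";

        // Print what the client will offer in its ClientHello for each variant.
        System.out.println("as posted : "
            + new TreeSet<>(asPosted(jks, pw).getEnabledSecureTransportProtocols()));
        System.out.println("TLS1.2 only: "
            + new TreeSet<>(tls12Only(jks, pw).getEnabledSecureTransportProtocols()));
    }
}
```

An empty `getEnabledCipherSuites()` set, as seen in the post, means no explicit suite list was configured, so the JVM's defaults apply.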