It's all about the answers!

Ask a question

Is ssl protocol supported for jdbc ( db2 ) ?


Kevin Ramer (4.5k9185200) | asked Oct 08 '14, 10:18 a.m.
Hi,

Our security team is mentioning SSL communication in conjunction with our DB2 databases, so I'm thinking that SSL may be required at some point down the road.   I tried searching these fora for variations of "SSL JDBC database connection" with no clear result.

This article SSL and JDBC describes the mechanics of configuring the DB2 server and DB2 client.  In its example verification it shows an explicit setting of a property:

   java.util.Properties properties = new java.util.Properties();
    
  properties.put("user", "enter user name");
  properties.put("password", "enter password");
  properties.put("sslConnection", "true");
Later those properties are used in the creation of the connection:

  try
   {
      System.out.println("url: " + url);
      con = java.sql.DriverManager.getConnection(url, properties);
      java.sql.Statement s2 = con.createStatement();
JDBC uri _may_ recognize other properties besides user,password, but I've not located documentation yet.

So, I'm guessing that the Jazz application won't magically work if the JDBC points to an SSL enabled database. 



Comments
Kevin Ramer commented Oct 08 '14, 10:42 a.m.

Found reference to sslConnection in DB2 doc under JDBC Properties:

sslConnection
Specifies whether the IBM Data Server Driver for JDBC and SQLJ uses an SSLsocket to connect to the data source. If sslConnection is set to true, theconnection uses an SSL socket. If sslConnection is set to false, the connectionuses a plain socket.

This property is applicable only to IBM Data Server Driver for JDBC and SQLJtype 4 connectivity.
So, I guess in theory ssl connection could be used.









Francesco Chiossi commented Oct 09 '14, 4:31 a.m. | edited Oct 09 '14, 4:31 a.m.

Hello Kevin,

what is the business need to encrypt the connection between the application and the DB?
I see a possible concern in the performance area.
Wouldn't be more effective to have the communication between the application server and the database going in a secured section of the network?

Best Regards,

Francesco Chiossi


Kevin Ramer commented Oct 09 '14, 8:31 a.m.

Currently, none.  But my security focal was inquiring about SSL configuration on DB2 as part of our periodic health checks, so I'm thinking it's only a matter of time.

Our physical arrangement is likely such that we could setup a private network between the LPAR providing db2 and the 2 LPAR hosting our CLM applications.  

One answer



permanent link
Donald Nong (14.5k614) | answered Oct 09 '14, 3:57 a.m.
Hi Kevin,

While CLM does not support this configuration currently (there is no place to define the "sslConnection" JDBC property as far as I can see), you should be able to implement it by using JDBC data source in WebSphere Application Server - CLM supports using JDBC data source but it seems that only few users choose this option. See below post in developerWorks for a similar scenario.
https://www.ibm.com/developerworks/community/forums/html/topic?id=38ee2f3f-3037-4760-9c5b-4019c586acae

Comments
Kevin Ramer commented Feb 03 '15, 4:51 p.m.

There are jdbc directives ( keywords ) to configure the SSL into the jdbc URI.

Your answer


Register or to post your answer.


Dashboards and work items are no longer publicly available, so some links may be invalid. We now provide similar information through other means. Learn more here.