How to make CLM application connect to DB on tcps port
We are using CLM 6.0.3 with Liberty profile and Oracle DB 12c for our applications.
Java.runtime= Java™ SE Runtime Environment (pxa6470_27sr3fp40-201604220_01 (SR3 FP40))
Our IBM CLM applications are hosted on WebSphere Liberty Server 8.5.5.9 (wlp-1.0.12.cl50920160227-1523)
Java version - 1.7.0_75
ojdbc driver - ojdbc7.jar
Implementation setup
We want to enable mutual SSL authentication between the DB server and the application.
Steps followed.
We are using the default keystore of the Liberty profile, where we imported the DB certificate, and we also extracted the application certificate and imported it into the Oracle DB wallet.
We are using the default server.xml file, startup file and java.security files. For this tcps communication, where exactly do we need to make changes?
Issue details
We are able to connect to the DB through the tcp string, but not able to connect with the tcps string.
tcp string – thin:jts-user/{password}@//192.168.100.216:1521/vmtestdb
tcps String - thin:jts_user/{password}@(DESCRIPTION=(ADDRESS=(PROTOCOL=tcps)(HOST=192.168.100.216)(PORT=2484))(CONNECT_DATA=(SERVICE_NAME=vmtestdb)))
Error Code:-
Caused by: oracle.net.ns.NetException: The Network Adapter could not establish the connection
at oracle.net.nt.ConnStrategy.execute(ConnStrategy.java:445)
at oracle.net.resolver.AddrResolution.resolveAndExecute(AddrResolution.java:464)
at oracle.net.ns.NSProtocol.establishConnection(NSProtocol.java:594)
at oracle.net.ns.NSProtocol.connect(NSProtocol.java:229)
at oracle.jdbc.driver.T4CConnection.connect(T4CConnection.java:1360)
at oracle.jdbc.driver.T4CConnection.logon(T4CConnection.java:486)
... 80 more
Caused by: oracle.net.ns.NetException: The ssl protocol specified is not supported.
at oracle.net.nt.TcpsConfigure.configureVersion(TcpsConfigure.java:179)
at oracle.net.nt.TcpsNTAdapter.setSSLSocketOptions(TcpsNTAdapter.java:253)
at oracle.net.nt.TcpsNTAdapter.connect(TcpsNTAdapter.java:172)
at oracle.net.nt.ConnOption.connect(ConnOption.java:133)
at oracle.net.nt.ConnStrategy.execute(ConnStrategy.java:411)
... 85 more
Caused by: java.lang.IllegalArgumentException: SSLv2Hello is not a recognized protocol.
at com.ibm.jsse2.pb.a(pb.java:105)
at com.ibm.jsse2.pb.b(pb.java:96)
at com.ibm.jsse2.pb.<init>(pb.java:115)
at com.ibm.jsse2.qc.setEnabledProtocols(qc.java:805)
at oracle.net.nt.TcpsConfigure.configureVersion(TcpsConfigure.java:175)
To reproduce the issue: we get the same error whenever we use the tcps string to connect to the DB.
3 answers
Caused by: oracle.net.ns.NetException: The ssl protocol specified is not supported.
I would suggest talking to Oracle support.
Comments
Hi Ralph,
So is it because the DB server is listening on the sslv2 hello port, and there is nothing to do from the application side?
We suspected that some changes would need to be made in server.xml or the server.startup file of java security.xml so as not to listen for sslv2.
Also, could you please clarify whether we need to add the Oracle wallet configuration to the server.xml file or the server.startup file?
Here what I can share:
- This is an open forum where users try to help other users with questions, in case they can
- This is not IBM Support
- Issues with infrastructure from other vendors should sometimes be discussed with said vendor
I cannot clarify anything, as I am not an expert in this infrastructure.
I have however seen like 5 threads around this very specific question. I am not sure if that is all from the same source. If so, I would consider this abuse of this forum.
I have not seen any resolution, and repeatedly asking the same question does not seem to be productive.
So please get in contact with IBM or Oracle support.
If you have an answer, I think every forum user would be happy if you share that.
Hi Ralph,
Thanks for your advice.
We have already reached Oracle support and they confirmed that we have to disable the sslv2 listening on the application side. But we couldn't find any proper link on the net with the solution here.
I believe that the Liberty profile is based on the server.xml file configuration, where we have "ssl enabled protocol = ssl",
and in the server.startup file we tried to add some additional parameters as below:
JAVACMD="$JAVACMD -Ddeployment.security.SSLv2Hello=false -Ddeployment.security.SSLv3=false -Ddeployment.security.TLSv1=false -D\
deployment.security.TLSv1.1=true -Ddeployment.security.TLSv1.2=true"
But still no luck.
We hope this is something related to a JDK version and Oracle JDBC version compatibility issue.
But we are not aware of how to make the application not listen for sslv2, which is disabled by default in JDK 1.7, or where this call is still coming from.
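
The innermost exception in the question's trace is the JSSE provider rejecting a protocol name passed to setEnabledProtocols(). The following diagnostic is an added example, not part of the thread and not IBM or Oracle code: it lists the protocol names the JRE's JSSE provider supports and repeats that call with a list containing SSLv2Hello. The class name TlsProtocolProbe, the candidate list and the protocol list passed in are assumptions; run it with the same JRE that the Liberty server uses.

```java
import java.util.Arrays;
import java.util.List;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;

// Added diagnostic (not from the thread). Java 7 compatible.
public class TlsProtocolProbe {

    // Names to look up; SSLv2Hello is the one rejected in the stack trace.
    static final String[] CANDIDATES = {"SSLv2Hello", "SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2"};

    // Calls setEnabledProtocols() as the trace shows the driver doing.
    // Returns the provider's error message, or null if the list is accepted.
    static String tryEnable(SSLEngine engine, String... protocols) {
        try {
            engine.setEnabledProtocols(protocols);
            return null;
        } catch (IllegalArgumentException e) {
            return e.getMessage();
        }
    }

    public static void main(String[] args) throws Exception {
        SSLContext ctx = SSLContext.getDefault();
        SSLEngine engine = ctx.createSSLEngine(); // unconnected: no network traffic

        System.out.println("java.vendor   : " + System.getProperty("java.vendor"));
        System.out.println("java.version  : " + System.getProperty("java.version"));
        System.out.println("JSSE provider : " + ctx.getProvider().getName());

        List<String> supported = Arrays.asList(engine.getSupportedProtocols());
        List<String> enabled = Arrays.asList(engine.getEnabledProtocols());
        System.out.println("supported     : " + supported);
        System.out.println("enabled       : " + enabled);

        for (String name : CANDIDATES) {
            System.out.println(name + " supported=" + supported.contains(name)
                    + " enabledByDefault=" + enabled.contains(name));
        }

        // Constructed input: SSLv2Hello next to one TLS name the provider supports
        // (the exact list the JDBC driver passes is not shown on the page).
        String fallback = supported.contains("TLSv1.2") ? "TLSv1.2" : "TLSv1";
        String error = tryEnable(engine, "SSLv2Hello", fallback);
        System.out.println(error == null
                ? "SSLv2Hello accepted by this provider"
                : "SSLv2Hello rejected: " + error);
    }
}
```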