TLS error during FDM masking of SSL data source

Article ID: 222429

Products

CA Test Data Manager (Data Finder / Grid Tools)

Issue/Introduction

Using FastDataMasker-4.9.191.0 and trying to mask a DB2 database that is SSL enabled.

The following additional parameters are used to connect to the SSL-enabled DB2 instance:

sslConnection=true;sslTrustStoreLocation=keystore.jks;sslTrustStorePassword=xxxxx;

The following error is returned when trying to connect to the DB:

[JCC][T4][2030][11211][4.19.66] A COMMUNICATION ERROR OCCURRED DURING OPERATIONS ON THE CONNECTION'S UNDERLYING SOCKET, SOCKET INPUT STREAM, OR SOCKET OUTPUT STREAM.  ERROR LOCATION: REPLY.FILL() - SOCKETINPUTSTREAM.READ (-1).  MESSAGE: THE SERVER SELECTED PROTOCOL VERSION TLS11 IS NOT ACCEPTED BY CLIENT PREFERENCES [TLS12]. ERRORCODE=-4499, SQLSTATE=08001
URL:JDBC:DB2://HOSTNAME:50001/DBNAME:SSLCONNECTION=TRUE;SSLTRUSTSTORELOCATION=E:\KEYSTORE.JKS;SSLTRUSTSTOREPASSWORD=******;

Cause

As this error states, the TLS preference of FDM (the client) is TLSv1.2, whereas the DB2 database (the server) is using TLSv1.1 for the SSL handshake, so the handshake fails.

Starting from version FastDataMasker-4.9.191.0, FDM uses its own JRE rather than the system JRE. This bundled JRE is an OpenJDK 292 build and uses TLSv1.2 for the SSL handshake.

Environment

Release : 4.9

Component : Fast Data Masker

Resolution

**NOTE:** TLSv1.1 has been disabled in the latest versions of Java by the vendors for security reasons, and it is recommended to make sure that all servers and applications use TLSv1.2.

However, since FDM ships its own JRE, follow the steps below to enable TLSv1.1 on the FDM side for the SSL handshake.

- Exit from FDM.

- Go to "C:\Program Files\AdoptOpenJDK\jre-80212.04\lib\security" (this is the default path; your path may be different).

- Open java.security file.

- Find the property "jdk.tls.disabledAlgorithms"

- From the list of values, remove TLSv1.1 and save the file.

- Restart FDM and try again.
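
The java.security edit in the steps above can be checked and applied with a short script. This is an added example, not code from FDM or its vendor: the function names and the sample file content are constructed for illustration, and it assumes the property may span several lines using backslash continuations. It removes only the exact TLSv1.1 entry and reports which legacy protocol versions are left enabled.

```python
import re

PROP = "jdk.tls.disabledAlgorithms"
LEGACY = ("SSLv3", "TLSv1", "TLSv1.1")

# Constructed java.security excerpt (sample input, not copied from a real JRE).
SAMPLE = """\
# List of algorithms disabled for TLS
jdk.certpath.disabledAlgorithms=MD2, MD5
jdk.tls.disabledAlgorithms=SSLv3, TLSv1, TLSv1.1, RC4, DES, \\
    MD5withRSA, DH keySize < 1024, \\
    EC keySize < 224
jdk.tls.legacyAlgorithms=K_NULL
"""


def find_property(lines, name=PROP):
    """Return (start, end, entries), following backslash line continuations."""
    for i, line in enumerate(lines):
        if re.match(r"\s*" + re.escape(name) + r"\s*[=:]", line):
            end, value = i, re.split(r"[=:]", line, maxsplit=1)[1]
            while value.rstrip().endswith("\\") and end + 1 < len(lines):
                end += 1
                value = value.rstrip()[:-1] + lines[end]
            entries = [e.strip() for e in value.split(",") if e.strip()]
            return i, end + 1, entries
    raise KeyError(name)


def legacy_enabled(text):
    """Legacy protocol versions that are NOT in the disabled list."""
    disabled = find_property(text.splitlines())[2]
    return [p for p in LEGACY if p not in disabled]


def enable_protocol(text, protocol="TLSv1.1"):
    """Return the file text with only `protocol` removed from the property."""
    lines = text.splitlines()
    start, end, entries = find_property(lines)
    kept = [e for e in entries if e != protocol]
    lines[start:end] = [PROP + "=" + ", ".join(kept)]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    print("before:", legacy_enabled(SAMPLE))
    edited = enable_protocol(SAMPLE)
    print("after: ", legacy_enabled(edited))
    print(edited)
```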