search cancel

Mainframe Team Center (MTC-DBM) for the Db2 Tools Fails with SSL PROTOCOL ERROR

book

Article ID: 229613

calendar_today

Updated On:

Products

Database Management for DB2 for z/OS - Performance Suite

Issue/Introduction

All attempts to log into the MTCDBM UI via HTTPS (or HTTP) via Chrome or Edge encounters:

"This site can't provide a secure connection" ERR_SSL_PROTOCOL_ERROR (Hostname sent an invalid response) with the MTCDBM output showing ' AEADBadTagException: Tag mismatch! ' .

Using FireFox as the browser encounters the different failure:

Secure Connection Failed An error occurred during a connection SSL received a record with an incorrect Message Authentication Code. Error code: SSL_ERROR_BAD_MAC_READ    

"The page you are trying to view cannot be shown because the authenticity of the received data could not be verified."
 

Environment

Release : 20.0

Component : MTC-DBM

Cause

Java 8 SR6FP25 (or higher) introduced TLSv1.3 support.  MTCDBM supports TLSv1.2, but not TLSv1.3, and IBM should allow for TLSv1.2 specification.

 

Resolution

MTCDBM Development opened a pmr with IBM to address this problem condition of running Java 8 SR6FP25 (or above), and it not honoring TLSv1.2 .   IBM created APAR IJ36207 to address this problem condition, to be available early 2022. 

The current circumvention to this problem scenario is to either use Java 8 pre-SR6FP25 64bit or to modify the Java 8 SR6FP25 (or above) 64bit Java.Security File's jdk.tls.disabledAlgorithms parameter to include TLSv1.3 to the list of disabled algorithms.