Using FastDataMasker-184.108.40.206 and trying to mask DB2 database which is SSL enabled.
Using the additional parameters to connect with the SSL enabled DB2 instance:
Getting below error when trying to connect to the DB:
JCC][T4][4.19.66] A COMMUNICATION ERROR OCCURRED DURING
OPERATIONS ON THE CONNECTION'S UNDERLYING SOCKET, SOCKET INPUT STREAM,
OUTPUT STREAM. ERROR LOCATION: REPLY.FILL() - SOCKETINPUTSTREAM.READ (-1).
MESSAGE: THE SERVER SELECTED PROTOCOL VERSION TLS11 IS NOT ACCEPTED BY CLIENT
PREFERENCES [TLS12]. ERRORCODE=-4499,
As this error states, the TLS preference of FDM(client) is TLSv 1.2 where has the DB2(server) database is using TLSv1.1 for SSL handshake and thus the handshake is failing.
The FDM uses is own JRE rather than the system JRE starting from version FastDataMasker-220.127.116.11 which has got Open JDK 292 build and uses TLSv1.2 for SSL handshake.
Release : 4.9
Component : Fast Data Masker
**NOTE: TLSv1.1 has been disabled in latest versions of Java be the vendors due to security reasons and it is recommended to make sure that all servers and applications use TLSv1.2.
However, since FDM is shipping the JRE with it, follow below steps to enable TLSv1.1 from FDM side for SSL handshake.
- Exit from FDM.
- Go to (default path - your path may be different) "C:\Program Files\AdoptOpenJDK\jre-80212.04\lib\security"
- Open java.security file.
- Find the property "jdk.tls.disabledAlgorithms"
- From the list of values, remove TLSv1.1 and save the file.
- Restart FDM and try again.