DB2 JDBC SSL Connection

Question

Recently our partner have updated their database environment to use SSL, and we need to update our application config in order to establish the connection with the database.

I have generated the JKS file and also have imported the certificates to the JKS.

When I use SQL Squirrel connection string:

jdbc:db2://[host]:[port]/[databaseName]:sslConnection=true;sslTrustStoreLocation=c:\db2_ssl\db2.jks;sslTrustStorePassword=teste123;

It connectes successfully.

If I use the exact the same connection string:

Connection connection = DriverManager.getConnection("jdbc:db2://[host]:[port]/[databaseName]:sslConnection=true;sslTrustStoreLocation=c:\db2_ssl\db2.jks;sslTrustStorePassword=teste123;", "myuser", "mypassword");

It throws me the exception as follows:

com.ibm.db2.jcc.am.DisconnectNonTransientConnectionException: [jcc][t4][2030][11211][3.64.96] A communication error occurred during operations on the connection's underlying socket, socket input stream, 
or socket output stream.  Error location: T4Agent.sendRequest() - flush (-1).  Message: Received fatal alert: handshake_failure. ERRORCODE=-4499, SQLSTATE=08001
    at com.ibm.db2.jcc.am.bd.a(bd.java:321)
    at com.ibm.db2.jcc.t4.a.a(a.java:548)
    at com.ibm.db2.jcc.t4.a.a(a.java:543)
    at com.ibm.db2.jcc.t4.a.f(a.java:484)
    at com.ibm.db2.jcc.t4.a.flush_(a.java:390)
    at com.ibm.db2.jcc.am.Agent.flowOutsideUOW(Agent.java:246)
    at com.ibm.db2.jcc.t4.b.b(b.java:1220)
    at com.ibm.db2.jcc.t4.b.b(b.java:788)
    at com.ibm.db2.jcc.t4.b.a(b.java:760)
    at com.ibm.db2.jcc.t4.b.a(b.java:421)
    at com.ibm.db2.jcc.t4.b.a(b.java:396)
    at com.ibm.db2.jcc.t4.b.<init>(b.java:334)
    at com.ibm.db2.jcc.DB2SimpleDataSource.getConnection(DB2SimpleDataSource.java:232)
    at com.ibm.db2.jcc.DB2SimpleDataSource.getConnection(DB2SimpleDataSource.java:198)
    at com.ibm.db2.jcc.DB2Driver.connect(DB2Driver.java:475)
    at com.ibm.db2.jcc.DB2Driver.connect(DB2Driver.java:116)
    at java.sql.DriverManager.getConnection(DriverManager.java:379)
    at java.sql.DriverManager.getConnection(DriverManager.java:415)
    at com.ibm.sdpi.wmb.flows.productdata.ProductDataAnnouncementNode.evaluate(ProductDataAnnouncementNode.java:93)
    at com.ibm.broker.javacompute.MbRuntimeJavaComputeNode.evaluate(MbRuntimeJavaComputeNode.java:265)
    at com.ibm.broker.plugin.MbNode.evaluate(MbNode.java:1480)
    at com.ibm.broker.plugin.MbOutputTerminal._propagate(Native Method)
    at com.ibm.broker.plugin.MbOutputTerminal.propagate(MbOutputTerminal.java:114)
    at com.ibm.sdpi.wmb.flows.common.SDPIOutboundCommon_JavaCompute.evaluate(SDPIOutboundCommon_JavaCompute.java:226)
    at com.ibm.broker.javacompute.MbRuntimeJavaComputeNode.evaluate(MbRuntimeJavaComputeNode.java:265)
    at com.ibm.broker.plugin.MbNode.evaluate(MbNode.java:1480)
Caused by: javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
    at com.ibm.jsse2.o.a(o.java:22)
    at com.ibm.jsse2.o.a(o.java:34)
    at com.ibm.jsse2.SSLSocketImpl.b(SSLSocketImpl.java:378)
    at com.ibm.jsse2.SSLSocketImpl.a(SSLSocketImpl.java:479)
    at com.ibm.jsse2.SSLSocketImpl.h(SSLSocketImpl.java:437)
    at com.ibm.jsse2.SSLSocketImpl.a(SSLSocketImpl.java:772)
    at com.ibm.jsse2.k.write(k.java:3)
    at com.ibm.db2.jcc.t4.db.b(db.java:1685)
    at com.ibm.db2.jcc.t4.db.a(db.java:1633)
    at com.ibm.db2.jcc.t4.a.f(a.java:451)
    ... 22 more

I am using the exact same DB2 drivers in SQL Squirrel and application.

Why it does work in SQL Squirrel and it doesn't using DriverManager?

Do you have any ideas how to connect to a remote DB2 database using SSL?

Thanks in advance.

Answer 1

Appreciate all responses. After several tests I could realize that the "problem" is on JDK. I changed to use JDK 1.8 and it worked successfully.

Not sure if we have a workaround for other JDK versions.

Thank you.