DSXchange

A short text to describe your forum
http://dsxchange.com/

Client requested protocol TLSv1 not enabled or not supported

http://dsxchange.com/viewtopic.php?f=72&t=157619

Page 1 of 1

Client requested protocol TLSv1 not enabled or not supported

Posted: Thu Nov 09, 2017 7:19 am
by Criaz91
Hi

When I click on "Edit assembly" button in Hierarchical Data stage then I get the following error message on engine tier:

---------------------------------------------------------------------------------------------------------------------------------

Code: Select all

[10/18/17 13:24:29:428 GMT] 0003a4b2 SSLHandshakeE E   SSLC0008E: Unable to initialize SSL connection.  Unauthorized access was denied or security settings have expired.  Exception is javax.net.ssl.SSLHandshakeException: Client requested protocol TLSv1 not enabled or not supported
	at com.ibm.jsse2.ab.y(ab.java:439)
	at com.ibm.jsse2.nc.b(nc.java:227)
	at com.ibm.jsse2.nc.c(nc.java:339)
	at com.ibm.jsse2.nc.wrap(nc.java:256)
	at javax.net.ssl.SSLEngine.wrap(SSLEngine.java:25)
	at com.ibm.ws.ssl.channel.impl.SSLUtils.handleHandshake(SSLUtils.java:744)
	at com.ibm.ws.ssl.channel.impl.SSLConnectionLink.readyInbound(SSLConnectionLink.java:565)
	at com.ibm.ws.ssl.channel.impl.SSLConnectionLink.ready(SSLConnectionLink.java:294)
	at com.ibm.ws.tcp.channel.impl.NewConnectionInitialReadCallback.sendToDiscriminators(NewConnectionInitialReadCallback.java:214)
	at com.ibm.ws.tcp.channel.impl.NewConnectionInitialReadCallback.complete(NewConnectionInitialReadCallback.java:113)
	at com.ibm.ws.tcp.channel.impl.AioReadCompletionListener.futureCompleted(AioReadCompletionListener.java:175)
	at com.ibm.io.async.AbstractAsyncFuture.invokeCallback(AbstractAsyncFuture.java:217)
	at com.ibm.io.async.AsyncChannelFuture.fireCompletionActions(AsyncChannelFuture.java:161)
	at com.ibm.io.async.AsyncFuture.completed(AsyncFuture.java:138)
	at com.ibm.io.async.ResultHandler.complete(ResultHandler.java:204)
	at com.ibm.io.async.ResultHandler.runEventProcessingLoop(ResultHandler.java:775)
	at com.ibm.io.async.ResultHandler$2.run(ResultHandler.java:905)
	at com.ibm.ws.util.ThreadPool$Worker.run(ThreadPool.java:1862)
Caused by: javax.net.ssl.SSLHandshakeException: Client requested protocol TLSv1 not enabled or not supported
	at com.ibm.jsse2.j.a(j.java:24)
	at com.ibm.jsse2.nc.a(nc.java:132)
	at com.ibm.jsse2.ab.a(ab.java:130)
	at com.ibm.jsse2.ab.a(ab.java:207)
	at com.ibm.jsse2.cb.a(cb.java:657)
	at com.ibm.jsse2.cb.a(cb.java:625)
	at com.ibm.jsse2.ab.r(ab.java:528)
	at com.ibm.jsse2.ab$1.a(ab$1.java:2)
	at com.ibm.jsse2.ab$1.run(ab$1.java:1)
	at java.security.AccessController.doPrivileged(AccessController.java:366)
	at com.ibm.jsse2.ab$c_.run(ab$c_.java:11)
	at com.ibm.ws.ssl.channel.impl.SSLUtils.handleHandshake(SSLUtils.java:831)
	... 12 more
.
---------------------------------------------------------------------------------------------------------------------------------

Protocol TLSv1 is disabled on our engine tier (WAS 8.5.5.1 & Infospehere Information Server 11.3.1.2), only TLSv1.2 is allowed (engine tier is installed on SUSE linux).
I get above mentioned error message on Client tier (IIS 11.3.1.2) in Datastage Designer, what is installed on Windows Server 2012. We're using on both tier java version "1.7.0".

Somebody have any idea how to force DataStage client to use only TLSv1.2? I already tried to add "Dcom.ibm.jsse2.overrideDefaultTLS=true -Dcom.ibm.jsse2.overrideDefaultProtocol=TLSv12" in Hierarchical Data stage JVM optional arguments, but it didn't work for me.

Any assistance would be appreciated, thank you in advance.

Posted: Thu Nov 09, 2017 7:41 am
by qt_ky
Try checking the settings and the APAR mentioned in this tech note:

http://www-01.ibm.com/support/docview.w ... wg21699845

Posted: Thu Nov 09, 2017 7:57 am
by Criaz91
Hi, APAR JR52781 is included in "IBM InfoSphere Information Server, Version 11.3.1.2" what we have currently installed, and I did every steps on that page before I posted my question here and it didn't help.

Posted: Thu Nov 09, 2017 10:45 am
by qt_ky
Would have been nice to know that... Have you tried working with Support?

Posted: Tue Nov 14, 2017 7:03 am
by Criaz91
yes, today I contacted support regarding this issue.

Posted: Thu Nov 16, 2017 4:26 am
by skathaitrooney
Did you manage to resolve it ?

Posted: Thu Nov 23, 2017 2:47 am
by skathaitrooney
I performed all the steps mentioned n the IBM tech-note and in the Hierarchial stage passed these Optional Arguments

Code: Select all

-Dcom.ibm.jsse2.overrideDefaultTLS=true -Dcom.ibm.jsse2.overrideDefaultProtocol=TLSv12
It works for me.

Did you manage to work it through ?

Posted: Wed Jan 17, 2018 2:25 pm
by cdp
Hi had a similar issue when trying to call the Microsoft Dynamics 365 API on DS 11.3 fp1 recently... Microsoft disabled support for TLS1, which is perfectly understandable!

I did not need to apply a patch, we just upgraded the JDK and added the following line to the Hierarchical Stage properties:
-Dcom.ibm.jsse2.overrideDefaultTLS=true -Dcom.ibm.jsse2.overrideDefaultProtocol=TLSv12
See here:
http://www-01.ibm.com/support/docview.w ... wg22008850

Wasted days trying to find the issue (Thanks WireShark !) and very tempted to blame it all on Microsoft :roll:
Seriously IBM... TLS v1 in 2018 ??????! :x

Posted: Fri Feb 09, 2018 7:12 am
by Criaz91
I contacted our support, and they recommended that we should use TLSv1 instead of TLSv1.2, if we would like to use hierarchical stage...fix exist, but not for 11.3.

Here is the url for that fix (11.5 ): https://www-01.ibm.com/support/docview. ... wg1JR57423

Posted: Fri Feb 09, 2018 7:15 am
by Criaz91
cdp - Thanks for your response, I will try your suggestion later :), we're using again TLSv1 for now.
All times are UTC-06:00
Page 1 of 1

Powered by phpBB® Forum Software © phpBB Limited