IBM / JTOpen

IBM Toolbox for Java, an IBM i communications library
https://ibm.github.io/JTOpen/

Received fatal alert: protocol_version - when using SecureAS400 class #129

Open amjathrahman opened 1 year ago

amjathrahman commented 1 year ago

Hi All,

At one of our customer sites, we are getting this "Received fatal alert: protocol_version" error when using the SecureAS400 class. These are the SSL ports we have opened in the application server from which our application is running: 448, 9475, 9473, 9476, 9474. For testing purposes, if we enable the non-SSL ports, then the application works fine with the AS400 class.

We are using new SecureAS400(IPAdress, Username, Password) and new AS400(IPAdress, Username, Password).

By reading the error message it seems an issue with the TLS version, but I am not too sure what needs to be checked on the AS400 application side as well as what needs to be done on my application side.

Please help me with this issue.

With Thanks Amjath

ThePrez commented 11 months ago

Hi, Amjath. What IBM i version are you running? What Java version (and distribution) are you using? Generally this error means that one side of the communication requires a protocol that is newer than the other side is willing to support. Most commonly, TLS 1.3 is not enabled on the server, but the client code is running a new(ish) Java version that doesn't want to use earlier TLS versions.

This document may help with server-side configuration: https://www.ibm.com/support/pages/configuring-your-ibm-i-system-secure-sockets-layer-ssltransport-layer-security-tls-protocols-and-cipher-suites
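An added diagnostic for the mismatch described above, not part of the original thread and not JTOpen code: it prints the TLS versions the local JVM offers by default, then offers each version alone to the server to see which ones it accepts. The class name `TlsVersionProbe` and the host argument are placeholders; the default port 9476 is one of the SSL ports listed in the issue, and the probe uses the JVM's default trust store.

```java
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLException;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;
import java.io.IOException;
import java.net.InetSocketAddress;
import java.util.Arrays;

// Added diagnostic, not JTOpen code. Usage: java TlsVersionProbe <host> [port]
// <host> is a placeholder for your IBM i system; the default port 9476 is one
// of the SSL ports listed in the issue.
public class TlsVersionProbe {
    // Versions to offer one at a time, oldest first.
    static final String[] CANDIDATES = {"TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3"};

    public static void main(String[] args) throws Exception {
        if (args.length < 1) { System.err.println("usage: TlsVersionProbe <host> [port]"); return; }
        String host = args[0];
        int port = args.length > 1 ? Integer.parseInt(args[1]) : 9476;

        SSLContext ctx = SSLContext.getDefault();
        // What this JVM offers when the application sets nothing explicitly.
        System.out.println("JVM default protocols:   "
                + Arrays.toString(ctx.getDefaultSSLParameters().getProtocols()));
        // What the JVM could offer if enabled (disabled algorithms still apply).
        System.out.println("JVM supported protocols: "
                + Arrays.toString(ctx.getSupportedSSLParameters().getProtocols()));

        SSLSocketFactory factory = ctx.getSocketFactory();
        for (String version : CANDIDATES) {
            try (SSLSocket s = (SSLSocket) factory.createSocket()) {
                s.connect(new InetSocketAddress(host, port), 5000);
                s.setSoTimeout(5000);
                s.setEnabledProtocols(new String[] {version}); // offer only this version
                s.startHandshake();
                System.out.printf("%-8s accepted, cipher suite %s%n",
                        version, s.getSession().getCipherSuite());
            } catch (IllegalArgumentException e) {
                System.out.printf("%-8s not supported by this JVM%n", version);
            } catch (SSLException e) {
                // protocol_version alerts land here; certificate trust failures do too.
                System.out.printf("%-8s handshake failed: %s%n", version, e.getMessage());
            } catch (IOException e) {
                System.out.printf("%-8s connection error: %s%n", version, e.getMessage());
            }
        }
    }
}
```

A certificate-path error for a given version means that version was negotiated and only trust validation failed, so it still counts as accepted by the server for the purpose of this check.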

amjathrahman commented 11 months ago

Hi @ThePrez,

The IBM i version we are trying to connect to is IBM 7.3 on the AS400 server, and I have tried the latest version of JT400 as well. We are using JT400 in our .NET stack application, using IKVM to convert the jar file. In the packet, the client hello was sent as TLS version 1.0. Any possible help on this?

With Thanks Amjath

richardschoen commented 11 months ago

Did you try creating a Java app to connect with the secure layer using just jt400.jar? This is the first test you should do.

You may find that JT400 with IKVM doesn't support the secure layer. I've never been able to get it to work. Works great on unsecure layers.

Have you been able to get the secure connection to work on other systems?

amjathrahman commented 11 months ago

Hi @richardschoen,

Yes, I have created a sample Java application where it was all working fine with the secure layer. When I migrated the same code to C# using IKVM, the secure layer is not working; it is sending the client hello with TLS version 1.0. On the other side, the non-secure layer works fine.

Is there any workaround available to make it work? Or is there any alternative for the .NET application to connect to AS400 in a secure layer?

With Thanks Amjath

richardschoen commented 11 months ago

Probably the IBM i Access ODBC driver is the best choice for you. It should work over secure connections and you can call programs and stored procedures as necessary.

amjathrahman commented 11 months ago

Hi @richardschoen,

Using IBM i Access ODBC, can we call all the AS400 system calls like the ones below?

1. CRTUSRPRF
2. CHGUSRPRF
3. IAMCHGUSR

Do I get any sample guide for ODBC?

With Thanks Amjath

richardschoen commented 11 months ago

Check out this wrapper class. There's an example method for running a CL command: https://github.com/richardschoen/IbmiOdbcDataAccess

There are no official example docs I am aware of.