search

Mapepire-IBMi / mapepire-js

TS client for Db2 for i/Mapepire
Apache License 2.0
8 stars 4 forks source link

secure TLS connection cannot be established with Mapepire on i7adt01/p9adt02 #27

Closed william-xiang closed 1 month ago

william-xiang commented 1 month ago

Error message: Error: Client network socket disconnected before secure TLS connection was established

Seems like client and server cannot agree on the cipher suite. This is the error on the server side after enabling ssl debugging using -Djavax.net.debug=ssl:handshake:

javax.net.ssl|SEVERE|45|qtp266333104-69|2024-08-21 17:14:56.574 EDT|Thread.java:1175|Fatal (HANDSHAKE_FAILURE): no cipher suites in common (
"throwable" : {
  javax.net.ssl.SSLHandshakeException: no cipher suites in common
        at com.ibm.jsse2.g.a(g.java:38)
        at com.ibm.jsse2.g.a(g.java:16)
        at com.ibm.jsse2.bb.a(bb.java:222)
        at com.ibm.jsse2.bb.a(bb.java:22)
        at com.ibm.jsse2.bb.a(bb.java:88)
        at com.ibm.jsse2.a2$d.a(a2$d.java:43)
        at com.ibm.jsse2.a2$d.produce(a2$d.java:75)
        at com.ibm.jsse2.p.produce(p.java:63)
        at com.ibm.jsse2.G$e.a(G$e.java:73)
        at com.ibm.jsse2.G$b.a(G$b.java:2)
        at com.ibm.jsse2.G$b.consume(G$b.java:15)
        at com.ibm.jsse2.p.consume(p.java:56)
        at com.ibm.jsse2.aa.a(aa.java:142)
        at com.ibm.jsse2.bg$a$b.a(bg$a$b.java:4)
        at com.ibm.jsse2.bg$a$b.run(bg$a$b.java:10)
        at java.security.AccessController.doPrivileged(AccessController.java:774)
        at com.ibm.jsse2.bg$a.run(bg$a.java:22)
        at org.eclipse.jetty.io.ssl.SslConnection$DecryptedEndPoint.fill(SslConnection.java:654)
        at org.eclipse.jetty.server.HttpConnection.fillRequestBuffer(HttpConnection.java:350)
        at org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:260)
        at org.eclipse.jetty.io.AbstractConnection$ReadCallback.succeeded(AbstractConnection.java:311)
        at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:105)
        at org.eclipse.jetty.io.ssl.SslConnection$DecryptedEndPoint.onFillable(SslConnection.java:555)
        at org.eclipse.jetty.io.ssl.SslConnection.onFillable(SslConnection.java:410)
        at org.eclipse.jetty.io.ssl.SslConnection$2.succeeded(SslConnection.java:164)
        at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:105)
        at org.eclipse.jetty.io.ChannelEndPoint$1.run(ChannelEndPoint.java:104)
        at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:883)
        at org.eclipse.jetty.util.thread.QueuedThreadPool$Runner.run(QueuedThreadPool.java:1034)
        at java.lang.Thread.run(Thread.java:830)}

)
javax.net.ssl|WARNING|45|qtp266333104-69|2024-08-21 17:14:56.577 EDT|Thread.java:1175|outbound has closed, ignore outbound application data
william-xiang commented 1 month ago

This is because Java on these two machines are really old and don't have the ciphers required by client. Changing to use newer version java resolves this issue.