Feedback

Feedback

Did this article resolve your question/issue?

   

Article

Unexpected default CryptoProtocolVersion connection property behavior for PostgresSQL driver

Printable View

Information

 
TitleUnexpected default CryptoProtocolVersion connection property behavior for PostgresSQL driver
URL NameUnexpected-default-CryptoProtocolVersion-connection-property-behavior-for-PostgresSQL-driver
Article Number000175168
EnvironmentProduct: Connect for JDBC PostgresSQL driver
Version: All supported versions
OS: Java
Database: PostgreSQL
Application: All supported applications
Question/Problem Description
Can't connect to PostgresSQL without specifying the connection parameter CryptoProtocolVersion.
Steps to Reproduce
Clarifying Information
The PostgreSQL database configure to accept SSL connections using TLSv1.2 only.
The connect option CryptoProtocolVersion is not set expecting the connection to auto-negociate to using TLSv1.2.
Succesful connections only occur when setting CryptoProtocolVersion=TLSv1.2.
Not setting the CryptoProtocolVersion parameter the connections fails. 
The issue occurs when using IBM’s Java version "1.8.0_231".
Error Message[DataDirect][PostgreSQL JDBC Driver]SSL handshake failed: Received fatal alert: handshake_failure.
Defect Number
Enhancement Number
Cause
The issue is with the IBM Java. The JVM has a list of supported crypto protocol versions, but doesn't necessarily include all of them in its handshake negotiation. IBM is aware of the issue.
Resolution
Use one of the following options to resolve the issue:

1) Set the connect option CryptoProtocolVersion=TLSv1.2
2) Contact IBM for an update on a fix for this issue.
3) Swittch to a different flavor of Java. The issue does not occur with OpenJDK 8.0.6.0.

 
Workaround
Notes
Last Modified Date2/12/2020 3:22 PM
Files
Disclaimer The origins of the information on this site may be internal or external to Progress Software Corporation (“Progress”). Progress Software Corporation makes all reasonable efforts to verify this information. However, the information provided is for your information only. Progress Software Corporation makes no explicit or implied claims to the validity of this information.

Any sample code provided on this site is not supported under any Progress support program or service. The sample code is provided on an "AS IS" basis. Progress makes no warranties, express or implied, and disclaims all implied warranties including, without limitation, the implied warranties of merchantability or of fitness for a particular purpose. The entire risk arising out of the use or performance of the sample code is borne by the user. In no event shall Progress, its employees, or anyone else involved in the creation, production, or delivery of the code be liable for any damages whatsoever (including, without limitation, damages for loss of business profits, business interruption, loss of business information, or other pecuniary loss) arising out of the use of or inability to use the sample code, even if Progress has been advised of the possibility of such damages.


Copyright © 2022 Progress Software Corporation and/or its subsidiaries or affiliates.
All Rights Reserved.

Progress, Telerik, Ipswitch, Chef, Kemp, Flowmon and certain product names used herein are trademarks or registered trademarks of Progress Software Corporation and/or one of its subsidiaries or affiliates in the U.S. and/or other countries. See Trademarks for appropriate markings.

Terms of Use Privacy Center Security Center Trademarks License Agreements Code of Conduct Careers Offices
Do Not Sell My Personal Information