Have you got the same code working called from java?

I would suggest get that working using TLS1.2 first if you haven't already
done so.

That way at least you can validate you have everything you need for TLS 1.2
then switch it over to calling it from RPG once you have that working.

If you have done that then it's likely a classpath/authority issue I would
guess, and making sure everything you need is being picked up correctly

On Fri, 10 Sep 2021, 14:37 Blake Butterworth, <BButterworth@xxxxxxxxxxxxxx>
wrote:

Hello All,

We have an RPG application that uses a Java class to perform HTTPS REST
requests to an external web API. The connectivity between the systems broke
recently (probably due to an update applied on the other side). We’ve
determined the problem is that the process needs to establish a TLS
1.2-level connection since by default the Java environment appears to use
an older, now unsupported version of TLS. We found a way to enable the Java
code to establish a TLS 1.2 connection with the following property:

-Dcom.ibm.jsse2.overrideDefaultTLS=true

When we run a Java test app within QSH from the command line, it causes
the Java code to negotiate a connection using TLS 1.2, which fixes our
problem.

Java -Dcom.ibm.jsse2.overrideDefaultTLS=true <class>

When we put the property into the RPG program using the
QIBM_RPG_JAVA_PROPERTIES environment variable, it fails. The JVM has an
error on startup. We tried using ADDENVVAR and then the command line
invocation without the property, which doesn’t work either. Lastly, we
tried putting the property in a SystemDefault.properties file. It seems the
system sees the property, but the JVM fails on startup.

Has anyone else run into something like this? Is there a better/alternate
way to configure Java to use TLS 1.2? We are currently running Java 8 on
IBM i 7.2. Sorry, this is kind of a cross-over question. I can post it to
the RPG side, if need be.

Thanks,
Blake Butterworth

Application Development Manager

Kansas Turnpike Authority
--
This is the Java Programming on and around the IBM i (JAVA400-L) mailing
list
To post a message email: JAVA400-L@xxxxxxxxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: https://lists.midrange.com/mailman/listinfo/java400-l
or email: JAVA400-L-request@xxxxxxxxxxxxxxxxxx
Before posting, please take a moment to review the archives
at https://archive.midrange.com/java400-l.

Help support midrange.com by shopping at amazon.com with our affiliate
link: https://amazon.midrange.com


As an Amazon Associate we earn from qualifying purchases.

This thread ...

Replies:

Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2021 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.