The latest PTFs for V7R4 of the IBMi Operating System includes a java update that disables the TLS protocol by default on your system. If, after applying them, you get reports of customers not receiving emails, here are the exceptions you will see in your Java debug logs, if you are affected by this issue:

[2021-09-14 17:06:50,916] ERROR Can’t send command to SMTP host

javax.mail.MessagingException: Can’t send command to SMTP host;

nested exception is:

javax.net.ssl.SSLHandshakeException: No appropriate protocol (protocol is disabled or cipher suites are inappropriate)

at com.sun.mail.smtp.SMTPTransport.sendCommand(SMTPTransport.java:1420)

at com.sun.mail.smtp.SMTPTransport.sendCommand(SMTPTransport.java:1408)

at com.sun.mail.smtp.SMTPTransport.ehlo(SMTPTransport.java:847)

at com.sun.mail.smtp.SMTPTransport.protocolConnect(SMTPTransport.java:384)

at javax.mail.Service.connect(Service.java:275)

at com.cybra.email.EmailAccount.testConnection(EmailAccount.java:196)

at com.cybra.email.EmailAccount.testConnection(EmailAccount.java:137)

Caused by:

javax.net.ssl.SSLHandshakeException: No appropriate protocol (protocol is disabled or cipher suites are inappropriate)

at com.ibm.jsse2.aa.<init>(aa.java:154)

at com.ibm.jsse2.ab.<init>(ab.java:16)

at com.ibm.jsse2.bb.a(bb.java:67)

at com.ibm.jsse2.bj.a(bj.java:243)

at com.ibm.jsse2.bj.f(bj.java:49)

at com.ibm.jsse2.bj.access$200(bj.java:406)

at com.ibm.jsse2.bj$c.write(bj$c.java:12)

at com.sun.mail.util.TraceOutputStream.write(TraceOutputStream.java:101)

at java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:93)

at java.io.BufferedOutputStream.flush(BufferedOutputStream.java:151)

at com.sun.mail.smtp.SMTPTransport.sendCommand(SMTPTransport.java:1418)

… 6 more

This change is made in

“/QOpenSys/QIBM/ProdData/JavaVM/jdk80/64bit/jre/lib/security/java.security” and “/QOpenSys/QIBM/ProdData/JavaVM/jdk80/32bit/jre/lib/security/java.security”

For 64 bit and 32 bit versions, respectively.

Within the files, there is a line that lists the disabled algorithms.  An example of this line is as follows:

“jdk.tls.disabledAlgorithms=SSLv3, TLSv1, TLSv1.1, RC4, DES, MD5withRSA, DH keySize < 1024, DESede, \ EC keySize < 224, 3DES_EDE_CBC, anon, NULL, DES_CBC”

For TLS to work again, you need to remove the references to it from this line and save the changes.

In the above example, the new line would read as follows:

“jdk.tls.disabledAlgorithms=SSLv3, RC4, DES, MD5withRSA, DH keySize < 1024, DESede, \ EC keySize < 224, 3DES_EDE_CBC, anon, NULL, DES_CBC”

Once the change has been made, you will need to get a fresh sign on and restart the JVM subsystem.

Enterprise Barcode Label Software

RFID Tracking Software

Barcode Labeling Software

RFID Tracking Software

Resources

[2023 RFID Integration Guide]

Have you been handed an RFID tag mandate from one of your retail partners? This ebook is a complete guide that will help manufacturers, and distributors reap great benefits from deploying RFID into your operations.

Company

CYBRA specializes in RFID technology, real time tracking systems, and enterprise barcode label software solutions.

Contact CYBRA
Contact Us

We're here to help! Get in touch with CYBRA’s sales and support teams.

Join the CYBRA partner network
Become a Partner

Join the CYBRA Partner Network to integrate or resell our software.