Technical Reference Document: DB2 connection using TLS

By default the DB2 driver does not encrypt its data when sending transactions between the db2jcc*.jar client jars and the database. To encrypt this traffic, enable TLS on the database server and then add the following configuration to enable TLS per URL.

Andi.vmoptions

The first task is to locate the Andi.vmoptions file, which is in your Andi installation directory. Edit the file and add the following two lines, each on its own line.

  • trustStorePath: The fully qualified path to the Java trust store which contains the SSL certificates used by the database.

  • tlsVersion: The TLS version supported by the database. At this point in time TLSv1.1 and TLSv1.2 are supported, but in the near future TLSv1.3 will also be available. If issues arise, make sure your db2jcc*.jar matches the database so that the two are compatible.

-Djavax.net.ssl.trustStore=<trustStorePath>
-Djdk.tls.client.protocols=<tlsVersion>

Enable TLS for URL

To fully enable TLS, either configure the SSLAutoConfigure option or enable TLS for each URL: select a URL, click Update and add the bolded text below (the sslConnection=true property). To disable TLS, either remove the bolded text or change true to false.

jdbc:db2://<database>:<port>/database:sslConnection=true;

NOTE: This change must be made for each URL that will use TLS when connecting to DB2.
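
An added example, not part of the original document or of Andi: a Python check that the text of Andi.vmoptions carries both TLS options as described above and that lists the DB2 URLs still missing sslConnection=true. The function names, sample file contents, paths and host names are constructed for illustration.

```python
import re

# TLS versions this page lists as currently supported.
SUPPORTED_TLS = {"TLSv1.1", "TLSv1.2"}
URL_RE = re.compile(r"^jdbc:db2://[^:/]+:\d+/[^:;]+(?::(?P<props>.*))?$")

def check_vmoptions(text):
    """Return a list of problems found in the text of Andi.vmoptions."""
    problems, opts = [], {}
    for line in (raw.strip() for raw in text.splitlines()):
        if not line.startswith("-D"):
            continue
        if re.search(r"\s-D", line):  # the page wants each option on its own line
            problems.append(f"more than one option on a line: {line}")
            continue
        key, _, value = line[2:].partition("=")
        opts[key] = value
    store = opts.get("javax.net.ssl.trustStore", "")
    if not store:
        problems.append("javax.net.ssl.trustStore is not set")
    elif not re.match(r"^(/|[A-Za-z]:[\\/])", store):
        problems.append(f"trustStore is not a fully qualified path: {store}")
    protocols = opts.get("jdk.tls.client.protocols", "")
    if not protocols:
        problems.append("jdk.tls.client.protocols is not set")
    for name in filter(None, (p.strip() for p in protocols.split(","))):
        if name not in SUPPORTED_TLS:
            problems.append(f"protocol not listed as supported: {name}")
    return problems

def url_uses_tls(url):
    """True only if the URL's property list contains exactly sslConnection=true."""
    match = URL_RE.match(url.strip())
    if not match:
        raise ValueError(f"not a DB2 JDBC URL: {url}")
    pairs = (match.group("props") or "").split(";")
    props = dict(p.split("=", 1) for p in pairs if "=" in p)
    return props.get("sslConnection") == "true"

def urls_without_tls(urls):
    """Return the URLs that lack sslConnection=true."""
    return [u for u in urls if not url_uses_tls(u)]

# Constructed sample input; paths and host names are placeholders.
SAMPLE_VMOPTIONS = ("-Xmx1024m\n-Djavax.net.ssl.trustStore=/opt/andi/certs/db2-trust.jks\n"
                    "-Djdk.tls.client.protocols=TLSv1.2\n")
SAMPLE_URLS = ["jdbc:db2://db1.example.com:50001/SAMPLE:sslConnection=true;",
               "jdbc:db2://db2.example.com:50000/SAMPLE",
               "jdbc:db2://db3.example.com:50001/SAMPLE:sslConnection=false;"]
```

An empty list from check_vmoptions means both options are present and well formed; any URL returned by urls_without_tls still needs the per-URL change unless SSLAutoConfigure is in use.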