Recently, I have been undertaking a lot of patching for clients to cover off the log4j issues inside Cognos Analytics. This has led me to update a number of clients from earlier fix pack levels of CA to the latest 11.1.7 FP4+.
I have to say I haven't hit any issues as a direct result of the patch but an interesting
gotcha has appeared between Fix Pack 3 and 4 with the disabling of TLS1.0 and TLS1.1 data source connections via JDBC.
When you test a connection to a legacy data source (this example is SQL Server 2008 R2) the connection via JDBC fails with the error below. Previously, this has worked.
- Edit the file java.security. I use NotePad++ for ease of use.
- Search the file for the string ‘jdk.tls.disabledAlgorithms’.
- Make a copy out of the line and comment out one of them using a #.
- Alter the list to take out the references to TLSv1 and TLSv1.1.
- Save the file overwriting the existing one.
- Restart the IBM Cognos Service for the change to take effect.
- Retest the Connection and now the client and JDBC connections should test successfully.
The existing line in java.security should read:
jdk.tls.disabledAlgorithms=SSLv3, TLSv1, TLSv1.1, RC4, DES, MD5withRSA, DH keySize < 1024, DESede, \
EC keySize < 224, 3DES_EDE_CBC, anon, NULL, DES_CBC
and the modified version should look like:
jdk.tls.disabledAlgorithms=SSLv3, RC4, DES, MD5withRSA, DH keySize < 1024, DESede, \
EC keySize < 224, 3DES_EDE_CBC, anon, NULL, DES_CBC
#CognosAnalyticswithWatson