SQL Server MsSQL driver which could not establish a secure connection by using Secure Sockets Layer (SSL)?

m1m5dgzv  于 2023-08-02  发布在  其他
关注(0)|答案(2)|浏览(99)

I use standard driver com.microsoft.sqlserver.jdbc.SQLServerDriver to connect to a MSSQL server. I run my program in Eclipse and encounter error:

Failed to obtain JDBC Connection; nested exception is com.microsoft.sqlserver.jdbc.SQLServerException: 
The driver could not establish a secure connection to SQL Server by using Secure Sockets Layer (SSL) encryption. 
Error: "The server selected protocol version TLS10 is not accepted by client preferences [TLS13, TLS12]"

My environment is openjdk version "11.0.11" 2021-04-20 LTS and the project use same JRE system library in Eclipse. The weird thing is, I package my project to JAR and it runs well in another machine, which is openjdk version "11.0.9.1" 2020-11-04 LTS.

A few months ago, I was able to run my program in the development environment, but now I fail. I may have made some changes to the development environment during this period, so I don't know if it has anything to do with the JDK version.

Any hint is welcome and thank you in advance.

biswetbf

biswetbf1#

Thanks for SchmitzIT! The thread is actually guide me to a workable solution which I would like to re-post here for a record!

https://aws.amazon.com/blogs/opensource/tls-1-0-1-1-changes-in-openjdk-and-amazon-corretto/

Above article have some valuable information which works for me:

  • JDK8 8u292 and newer, JDK11 11.0.11 and newer, JDK16 is disabling TLS 1.0 and 1.1
  • Modify (remove TLSv1 and/or TLSv1.1) jdk.tls.disabledAlgorithms in java.security configuration file located in the jre/lib/security folder for OpenJDK 8 or conf/security for OpenJDK 11 and higher will enable legacy TLS!

PS. But add a file enableLegacyTLS.security to override setting in java.security doesn't work for me (OpenJDK 11). Don't know why.

ymdaylpp

ymdaylpp2#

I had this issue recently, it was because I was trying to connect to an old version of Microsoft SQL Server (2012, ver. 11.00.3156) using the latest versión of the SQL Server JDBC Driver (ver. 12.2.0) with a newer versión JDK (ver. 11.0.15).

It happens because newer versión of JDK by default dissable some old security algorithms like TLSv1.0 (in favor of newer like TLSv1.2/TLSv1.3) which the old SQL Server is requiring as security algorithm.

To solve the issue I changed the JDBC driver to an older version 8.2.2 and I had to pass some java security VM options to the JDK to override some security configs and remove TLSV1.0 from the disabled algorithms

VM options to pass to JDK

-Djdk.tls.disabledAlgorithms=SSLv3, RC4, DES, MD5withRSA, DH keySize < 1024, EC keySize < 224, 3DES_EDE_CBC, anon, NULL

(note that TLSv1.0 and TLSv1.1 are removed from the original JDK list)

Doing that I managed to successfully connect to the old SQL Server 2012. Hope this help you

相关问题