I use standard driver com.microsoft.sqlserver.jdbc.SQLServerDriver to connect to a MSSQL server. I run my program in Eclipse and encounter error:
Failed to obtain JDBC Connection; nested exception is com.microsoft.sqlserver.jdbc.SQLServerException:
The driver could not establish a secure connection to SQL Server by using Secure Sockets Layer (SSL) encryption.
Error: "The server selected protocol version TLS10 is not accepted by client preferences [TLS13, TLS12]"
My environment is openjdk version "11.0.11" 2021-04-20 LTS and the project use same JRE system library in Eclipse. The weird thing is, I package my project to JAR and it runs well in another machine, which is openjdk version "11.0.9.1" 2020-11-04 LTS.
A few months ago, I was able to run my program in the development environment, but now I fail. I may have made some changes to the development environment during this period, so I don't know if it has anything to do with the JDK version.
Any hint is welcome and thank you in advance.
2条答案
按热度按时间biswetbf1#
Thanks for SchmitzIT! The thread is actually guide me to a workable solution which I would like to re-post here for a record!
https://aws.amazon.com/blogs/opensource/tls-1-0-1-1-changes-in-openjdk-and-amazon-corretto/
Above article have some valuable information which works for me:
PS. But add a file enableLegacyTLS.security to override setting in java.security doesn't work for me (OpenJDK 11). Don't know why.
ymdaylpp2#
I had this issue recently, it was because I was trying to connect to an old version of Microsoft SQL Server (2012, ver. 11.00.3156) using the latest versión of the SQL Server JDBC Driver (ver. 12.2.0) with a newer versión JDK (ver. 11.0.15).
It happens because newer versión of JDK by default dissable some old security algorithms like TLSv1.0 (in favor of newer like TLSv1.2/TLSv1.3) which the old SQL Server is requiring as security algorithm.
To solve the issue I changed the JDBC driver to an older version 8.2.2 and I had to pass some java security VM options to the JDK to override some security configs and remove TLSV1.0 from the disabled algorithms
VM options to pass to JDK
(note that TLSv1.0 and TLSv1.1 are removed from the original JDK list)
Doing that I managed to successfully connect to the old SQL Server 2012. Hope this help you