
Java 1.8.0 enable TLS1.2 in JDBC connection

I have an SQL Server 2014 updated to the latest fixpack (12.0.5207). In the environment, the only protocol enabled is TLS1.2 (the registry keys have been set for the purpose). I can connect to the SQL server using the SA account both locally and remotely using Management Studio.

However, when I try establishing a connection to the SQL server using Java code and the JDBC driver sqljdbc42.jar, the following exception is thrown:

The driver could not establish a secure connection to SQL Server by using Secure Sockets Layer (SSL) encryption. Error: "SQL Server did not return a response. The connection has been closed.

The Java code is the following:

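import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.SQLException;

public class Main
{
    public static void main(String[] args)
    {
        try
        {
            // Load the Microsoft JDBC driver class explicitly
            Class.forName("com.microsoft.sqlserver.jdbc.SQLServerDriver");
        }
        catch (ClassNotFoundException e)
        {
            System.out.println( e.toString() );
        }

        String connectionUrl =  "jdbc:sqlserver://localhost:1433;" +
                                "databaseName=TRCDB;user=sa;password=**********;";
        // try-with-resources closes the connection once the attempt is done
        try (Connection con = DriverManager.getConnection(connectionUrl))
        {
            // connection established; nothing else is done with it here
        }
        catch (SQLException e)
        {
            System.out.println( e.toString() );
        }
    }
}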

When the JVM is launched, the following options are passed:

-Djavax.net.debug=all -Djdk.tls.client.protocols="TLSv1.2" -Dhttps.protocols="TLSv1.2"

So although only TLSv1.2 is enabled, the "Client Hello" is done using TLSv1:

jdk.tls.client.protocols is defined as TLSv1.2
SSLv3 protocol was requested but was not enabled
SUPPORTED: [TLSv1, TLSv1.1, TLSv1.2] 
SERVER_DEFAULT: [TLSv1, TLSv1.1, TLSv1.2] 
CLIENT_DEFAULT: [TLSv1.2] 
...
*** ClientHello, TLSv1
...
main, WRITE: TLSv1 Handshake
...
main, called close()
main, called closeInternal(true)
main, SEND TLSv1.2 ALERT:  warning, description = close_notify
main, WRITE: TLSv1.2 Alert, length = 2

Is the TLS version the root cause of the problem? How can I force TLSv1.2?

Older versions of Microsoft's JDBC driver for SQL Server apparently assume that TLS v1.1 will be available on the server. That is, they were not coded to handle the case where the server explicitly rejects (or ignores) TLS v1.1 traffic.

Starting with JDBC driver version 6.3.2 we can add ;sslProtocol=TLSv1.2 to our connection URLs to specify the TLS version to use.

The latest version of the driver fixed this issue for me. Version downloaded from here https://docs.microsoft.com/en-us/sql/connect/jdbc/download-microsoft-jdbc-driver-for-sql-server?view=sql-server-ver15 and used in JBoss 7.2 server. With this version I did not need to add anything to my connection URL. I had to modify my module.xml for the new file name but did not need to alter the dependencies section. I was getting the same response and this resolved it. I did not add any -D JVM options like the OP mentions.
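Added example, not part of the original question or answers: it checks which SQL Server JDBC driver the JVM actually resolves for the URL, then connects with the `sslProtocol` property from the first answer and asks the server whether the session is encrypted. The class name and the `DB_USER` / `DB_PASSWORD` environment variables are assumptions; host, port and database are the ones in the question.

```java
import java.sql.*;
import java.util.Properties;

public class Tls12JdbcCheck {   // hypothetical class name
    // Host, port and database are the ones in the question.
    static final String URL = "jdbc:sqlserver://localhost:1433;databaseName=TRCDB";

    // The first answer gives 6.3.2 as the first version with sslProtocol.
    // java.sql.Driver exposes only major.minor, so a 6.3 result still needs
    // the full version string printed after connecting.
    static boolean mayHonourSslProtocol(int major, int minor) {
        return major > 6 || (major == 6 && minor >= 3);
    }

    // Assumed environment variables, so no credentials live in source.
    static String env(String name) {
        String v = System.getenv(name);
        if (v == null) throw new IllegalStateException(name + " is not set");
        return v;
    }

    public static void main(String[] args) throws SQLException {
        // Ask DriverManager which driver it would really use for this URL;
        // a stale sqljdbc42.jar earlier on the classpath shows up here.
        Driver d = DriverManager.getDriver(URL);
        System.out.printf("driver %s %d.%d%n", d.getClass().getName(),
                d.getMajorVersion(), d.getMinorVersion());
        if (!mayHonourSslProtocol(d.getMajorVersion(), d.getMinorVersion())) {
            System.err.println("driver predates sslProtocol; upgrade the jar");
            return;
        }
        Properties p = new Properties();
        p.setProperty("user", env("DB_USER"));
        p.setProperty("password", env("DB_PASSWORD"));
        p.setProperty("encrypt", "true");                 // require TLS
        p.setProperty("trustServerCertificate", "false"); // validate the cert
        p.setProperty("sslProtocol", "TLSv1.2");          // from the answer

        try (Connection con = DriverManager.getConnection(URL, p);
             Statement st = con.createStatement();
             ResultSet rs = st.executeQuery("SELECT encrypt_option "
                 + "FROM sys.dm_exec_connections WHERE session_id = @@SPID")) {
            System.out.println("driver version: " + con.getMetaData().getDriverVersion());
            // Server-side view of this session: TRUE when the channel is encrypted.
            if (rs.next()) System.out.println("encrypt_option = " + rs.getString(1));
        }
    }
}
```

With `trustServerCertificate=false` the server certificate must chain to a CA in the JVM trust store; otherwise the handshake fails for a reason unrelated to the protocol version.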
