stackoom
  简体   繁体   中英

Java 1.8.0 enable TLS1.2 in JDBC connection

 原文  2018-01-26 15:54:12       java/ sql-server/ jdbc

Question

I have an SQL Server 2014 updated to the latest fixpack ( 12.0.5207 ). In the environment, the only protocol enabled is TLS1.2 (the registry keys has been set for the purpose). I can connect to the SQL server using the SA account both locally and remotely using Management Studio.

However when I try establishing a connection to the SQL server using java code and the JDBC driver sqljdbc42.jar the following exception is thrown:

The driver could not establish a secure connection to SQL Server by using Secure Sockets Layer (SSL) encryption. Error: "SQL Server did not return a response. The connection has been closed.

The java code is the following: 

public static void main(String[] args) 
{
    try 
    {
        Class.forName("com.microsoft.sqlserver.jdbc.SQLServerDriver");
    }
    catch (ClassNotFoundException e) 
    {
        System.out.println( e.toString() ); 
    }

    String connectionUrl =  "jdbc:sqlserver://localhost:1433;" +  
                            "databaseName=TRCDB;user=sa;password=**********;";  
    try 
    {
        Connection con = DriverManager.getConnection(connectionUrl);
    } 
    catch (SQLException e) 
    {
        System.out.println( e.toString() ); 
    } 
}

When the JVM is launched the following option are passed:

-Djavax.net.debug=all -Djdk.tls.client.protocols="TLSv1.2" -Dhttps.protocols="TLSv1.2"

So although only TLSv1.2 is enabled the "Client Hello" is done using TLSv1:

jdk.tls.client.protocols is defined as TLSv1.2 SSLv3 protocol was requested but was not enabled 
SUPPORTED: [TLSv1, TLSv1.1, TLSv1.2] 
SERVER_DEFAULT: [TLSv1, TLSv1.1, TLSv1.2] 
CLIENT_DEFAULT: [TLSv1.2] 
...
*** ClientHello, TLSv1
...
main, WRITE: TLSv1 Handshake
...
main, called close()
main, called closeInternal(true)
main, SEND TLSv1.2 ALERT:  warning, description = close_notify
main, WRITE: TLSv1.2 Alert, length = 2

Is it the TLS version the root cause of the problem? How can I force TLSv1.2 ?

2 answers

solution1
 9 ACCPTED  2018-01-29 15:06:10

Older versions of Microsoft's JDBC driver for SQL Server apparently assume that TLS v1.1 will be available on the server. That is, they were not coded to handle the case where the server explicitly rejects (or ignores) TLS v1.1 traffic.

Starting with JDBC driver version 6.3.2 we can add ;sslProtocol=TLSv1.2 to our connection URLs to specify the TLS version to use.

solution2
 0  2020-07-14 21:25:21

The latest version of the driver fixed this issue for me. Version downloaded from here https://docs.microsoft.com/en-us/sql/connect/jdbc/download-microsoft-jdbc-driver-for-sql-server?view=sql-server-ver15 and used in JBoss 7.2 server. With this version I did not need to add anything to my connection URL. I had to modify my module.xml for the new file name but did not need to alter the dependencies section. I was getting the same response and this resolved it. I did not add any -D JVM options like the OP mentions.

*** ClientHello, TLSv1 ... main, WRITE: TLSv1 Handshake ... main, called close() main, called closeInternal(true) main, SEND TLSv1.2 ALERT: warning, description = close_notify main, WRITE: TLSv1.2 Alert, length = 2

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question TLS1.2 support with Java 6 .Net Client - Java server Connection problem using tls1.2 Creating a TLS1.2 connection to http server in Java Create ActiveMQ Connection on TLS1.2 How to set TLS1.2 version in Java How to establish a connection with TLS1.2 protected oracle server? Java 1.6 + BouncyCastle + TLS1.2 (handshake_failure(40)) How to enable TLS 1.2 in Java 7 SQL Server Jdbc driver unable to connect to database using TLS1.2 How to enable TLS1.2 for tomcat webserver connections We are using tomcat 7.0.82
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM