
How do I allow Java client TLS10 connections?

While attempting to do a hello world MSSQL JDBC connection in Eclipse with Java 16, I'm getting this error:

"...server selected protocol version TLS10 is not accepted by client preferences [TLS13, TLS12]..."

Upon searching, it appears my Java client is not allowing this TLS version while trying to connect to my deprecated MSSQL instance. How do I enable it?

Here's how I added the MSSQL JDBC driver:

Solution (though be aware of security risks):

  • C:\Program Files\Java\jdk-16.0.1\conf\security\java.security
  • Or C:\Program Files\Java\jre7\lib\security\java.security
  • Remove "TLSv1, TLSv1.1, " from this line:

jdk.tls.disabledAlgorithms=SSLv3, TLSv1, TLSv1.1, RC4, DES, MD5withRSA, \
    DH keySize < 1024, EC keySize < 224, 3DES_EDE_CBC, anon, NULL

TLS 1.0 and 1.1 are disabled by default in the latest Java versions (OpenJDK 11.0.11 onwards) because these versions of TLS have weakened over time and lack support for stronger, more modern algorithms.

Solution:

Patch your MSSQL server and enable TLS1.2 on your MSSQL Server as per the Microsoft KB article: https://support.microsoft.com/en-us/topic/kb3135244-tls-1-2-support-for-microsoft-sql-server-e4472ef8-90a9-13c1-e4d8-44aad198cdbe

Alternate solutions (prone to security risks):

  1. Enable them by modifying the existing java.security file of the installed JDK, as mentioned in Kevin's answer.
  2. Or override java.security for your specific application as given below (preferred).
  • Create a file named enableLegacyTLS.security.
  • In that file, add an entry for jdk.tls.disabledAlgorithms with the same contents as the jdk.tls.disabledAlgorithms property in the java.security file.

jdk.tls.disabledAlgorithms=SSLv3, TLSv1, TLSv1.1, RC4, DES, MD5withRSA, \
    DH keySize < 1024, EC keySize < 224, 3DES_EDE_CBC, anon, NULL,...

  • Remove TLSv1, TLSv1.1, from the list in enableLegacyTLS.security.
  • Start your application with -Djava.security.properties=path/to/enableLegacyTLS.security

Note: In the last point, when you use a double equals sign (==), you tell the JVM to ignore the default java.security file and load only this file. If a single equals sign (=) is used, it loads your copy and superimposes it over the default java.security file.
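
A way to confirm which TLS policy a given JVM launch is actually running with, so the legacy-protocol override can be checked as applying to the one application that needs it and not to every Java process on the host. This is an added example, not code from the answers above; the class name TlsPolicyCheck is an assumption.

```java
import java.security.Security;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import javax.net.ssl.SSLContext;

// Added example (hypothetical class name): reports the effective TLS policy of this JVM.
public class TlsPolicyCheck {
    private static final List<String> LEGACY = List.of("TLSv1", "TLSv1.1");

    // Split the comma-separated property value into trimmed, non-empty entries.
    static List<String> parseDisabled(String value) {
        List<String> out = new ArrayList<>();
        if (value == null) return out;
        for (String entry : value.split(",")) {
            String e = entry.trim();
            if (!e.isEmpty()) out.add(e);
        }
        return out;
    }

    public static void main(String[] args) throws Exception {
        // Effective value after the default java.security file and any
        // -Djava.security.properties override have been combined.
        List<String> disabled =
            parseDisabled(Security.getProperty("jdk.tls.disabledAlgorithms"));
        System.out.println("java.security.properties   = "
            + System.getProperty("java.security.properties", "(not set)"));
        System.out.println("jdk.tls.disabledAlgorithms = " + disabled);

        // Protocol versions a default client socket will offer to a server.
        List<String> enabled = Arrays.asList(
            SSLContext.getDefault().getDefaultSSLParameters().getProtocols());
        System.out.println("default enabled protocols  = " + enabled);

        boolean legacyOn = false;
        for (String p : LEGACY) {
            boolean offered = enabled.contains(p);
            System.out.printf("%-8s disabled-by-policy=%b offered-by-default=%b%n",
                p, disabled.contains(p), offered);
            legacyOn |= offered;
        }
        // Non-zero exit lets a deployment check fail when legacy TLS is on.
        System.exit(legacyOn ? 1 : 0);
    }
}
```

Run it once with the same -Djava.security.properties option as the application and once without it: the first run should show TLSv1 and TLSv1.1 offered, the second should show them still disabled, which confirms the JDK-wide java.security file was left untouched.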
