Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Java 1.8.0 enable TLS1.2 in JDBC connection

I have an SQL Server 2014 updated to the latest fixpack (12.0.5207). In the environment, the only protocol enabled is TLS1.2 (the registry keys has been set for the purpose). I can connect to the SQL server using the SA account both locally and remotely using Management Studio.

However when I try establishing a connection to the SQL server using java code and the JDBC driver sqljdbc42.jar the following exception is thrown:

The driver could not establish a secure connection to SQL Server by using Secure Sockets Layer (SSL) encryption. Error: "SQL Server did not return a response. The connection has been closed.

The java code is the following:

public static void main(String[] args) 
{
    try 
    {
        Class.forName("com.microsoft.sqlserver.jdbc.SQLServerDriver");
    }
    catch (ClassNotFoundException e) 
    {
        System.out.println( e.toString() ); 
    }

    String connectionUrl =  "jdbc:sqlserver://localhost:1433;" +  
                            "databaseName=TRCDB;user=sa;password=**********;";  
    try 
    {
        Connection con = DriverManager.getConnection(connectionUrl);
    } 
    catch (SQLException e) 
    {
        System.out.println( e.toString() ); 
    } 
}

When the JVM is launched the following option are passed:

-Djavax.net.debug=all -Djdk.tls.client.protocols="TLSv1.2" -Dhttps.protocols="TLSv1.2"

So although only TLSv1.2 is enabled the "Client Hello" is done using TLSv1:

jdk.tls.client.protocols is defined as TLSv1.2 SSLv3 protocol was requested but was not enabled 
SUPPORTED: [TLSv1, TLSv1.1, TLSv1.2] 
SERVER_DEFAULT: [TLSv1, TLSv1.1, TLSv1.2] 
CLIENT_DEFAULT: [TLSv1.2] 
...
*** ClientHello, TLSv1
...
main, WRITE: TLSv1 Handshake
...
main, called close()
main, called closeInternal(true)
main, SEND TLSv1.2 ALERT:  warning, description = close_notify
main, WRITE: TLSv1.2 Alert, length = 2

Is it the TLS version the root cause of the problem? How can I force TLSv1.2?

like image 429
Bemipefe Avatar asked Oct 16 '25 20:10

Bemipefe


1 Answers

Older versions of Microsoft's JDBC driver for SQL Server apparently assume that TLS v1.1 will be available on the server. That is, they were not coded to handle the case where the server explicitly rejects (or ignores) TLS v1.1 traffic.

Starting with JDBC driver version 6.3.2 we can add ;sslProtocol=TLSv1.2 to our connection URLs to specify the TLS version to use.

like image 55
Gord Thompson Avatar answered Oct 18 '25 09:10

Gord Thompson



Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!