Tag Archives: JDBC connection to SQL Service error

[Solved] JDBC connection to SQL Service reported an error: “the driver cannot establish a secure connection with SQL server by using SSL encryption“

1. Environment

IDE : IDEA

JDK : JAVA1.8

SQL Server Version: SQL Server 2008

2. Specific error information

2019-09-16 17:43:11 [Druid-ConnectionPool-Create-847839957] ERROR c.a.d.p.DruidDataSource - create connection SQLException, url: jdbc:sqlserver://localhost;DatabaseName=PT_STORE_HLW, errorCode 0, state 08S01
com.microsoft.sqlserver.jdbc.SQLServerException: The driver was unable to establish a secure connection to SQL Server by using Secure Socket Layer (SSL) encryption. Error: "SQL Server did not return a response. The connection was closed. ClientConnectionId:22dc49b0-221d-4a51-9a84-8d507658df6e”。
	at com.microsoft.sqlserver.jdbc.SQLServerConnection.terminate(SQLServerConnection.java:1667)
	at com.microsoft.sqlserver.jdbc.TDSChannel.enableSSL(IOBuffer.java:1668)
	at com.microsoft.sqlserver.jdbc.SQLServerConnection.connectHelper(SQLServerConnection.java:1323)
	at com.microsoft.sqlserver.jdbc.SQLServerConnection.login(SQLServerConnection.java:991)
	at com.microsoft.sqlserver.jdbc.SQLServerConnection.connect(SQLServerConnection.java:827)
	at com.microsoft.sqlserver.jdbc.SQLServerDriver.connect(SQLServerDriver.java:1012)
	at com.alibaba.druid.filter.FilterChainImpl.connection_connect(FilterChainImpl.java:156)
	at com.alibaba.druid.filter.stat.StatFilter.connection_connect(StatFilter.java:218)
	at com.alibaba.druid.filter.FilterChainImpl.connection_connect(FilterChainImpl.java:150)
	at com.alibaba.druid.pool.DruidAbstractDataSource.createPhysicalConnection(DruidAbstractDataSource.java:1560)
	at com.alibaba.druid.pool.DruidAbstractDataSource.createPhysicalConnection(DruidAbstractDataSource.java:1623)
	at com.alibaba.druid.pool.DruidDataSource$CreateConnectionThread.run(DruidDataSource.java:2468)
Caused by: java.io.IOException: SQL Server No response returned. The connection is closed. ClientConnectionId:22dc49b0-221d-4a51-9a84-8d507658df6e
	at com.microsoft.sqlserver.jdbc.TDSChannel$SSLHandshakeInputStream.ensureSSLPayload(IOBuffer.java:651)
	at com.microsoft.sqlserver.jdbc.TDSChannel$SSLHandshakeInputStream.readInternal(IOBuffer.java:708)
	at com.microsoft.sqlserver.jdbc.TDSChannel$SSLHandshakeInputStream.read(IOBuffer.java:700)
	at com.microsoft.sqlserver.jdbc.TDSChannel$ProxyInputStream.readInternal(IOBuffer.java:895)
	at com.microsoft.sqlserver.jdbc.TDSChannel$ProxyInputStream.read(IOBuffer.java:883)
	at sun.security.ssl.InputRecord.readFully(InputRecord.java:465)
	at sun.security.ssl.InputRecord.read(InputRecord.java:503)
	at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:975)
	at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1367)
	at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1395)
	at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1379)
	at com.microsoft.sqlserver.jdbc.TDSChannel.enableSSL(IOBuffer.java:1618)
	... 10 common frames omitted

Solution process:

On the Internet, some Baidu said it was because of the problem of JDK1.6, but I used JDK1.8

It is also said that JRE lacks two jar packages, which is not the reason after trying

Solution:

In JDK 8 and earlier, edit the/lib/security/Java. Security file and create 3DES_ EDE_ CBC is removed from the jdk.tls.legacyalgorithms security attribute

Remove 3DES from Java. Security under JDK_EDE_CBC can connect SQL Server with JDBC

In Java 8, the encryption suite is disabled by default: “SSL”_ RSA_ WITH_ 3DES_ EDE_ CBC_ Sha ”
and then to connect successfully, open SSL_ RSA_ WITH_ 3DES_ EDE_ CBC_ The answer is:
open folder (Java)_ Security policy file in home/JRE/lib/Security: Java. Security
Modify JDK. TLS. Disabledalgorithms option jdk.tls.disabledalgorithms = MD5, SSLv3, DSA, RSA keysize & lt; 2048
jdk.tls.disabledAlgorithms=SSLv3, RC4, MD5withRSA, DH keySize < 1024,
EC keySize < 224, DES40_CBC, RC4_ 40,3DES_ EDE_ CBC

To enable SSL_RSA_WITH_3DES_EDE_CBC_Sha, will 3DES_EDE_CBC notes out:

Default values of jdk.tls.disabledalgorithms in Java 8:
jdk.tls.disabledalgorithms = MD5, SSLv3, DSA, RSA keysize < 2048
jdk.tls.disabledAlgorithms=SSLv3, RC4, MD5withRSA, DH keySize < 1024,
EC keySize < 224, DES40_CBC, RC4_40
#,3DES_EDE_CBC