Develop Reference

Connecting to SQL Server 13 with Java 17

I'm trying to connect to SQL Server 13 in a Springboot 2.7.5 after upgrading java to version 17
This is the key points the stacktrace when the application starts up and attempts to connect
Failed to obtain JDBC Connection; nested exception is com.microsoft.sqlserver.jdbc.SQLServerException: The driver could not establish a secure connection to SQL Server by using Secure Sockets Layer (SSL) encryption. Error: \"Certificates do not conform to algorithm constraints\". ClientConnectionId:3dd8afba-ccaf-451e-a8f1-5687b548ee3b\
java.security.cert.CertPathValidatorException: Algorithm constraints check failed on keysize limits: RSA 1024 bit key used with certificate: CN={SERVER_URL}
I've tried to add encrypt=true and trustServerCertificate=true to the connection url and still get the same issue.
Looking at the SQL version compatbiity list: https://learn.microsoft.com/en-us/sql/connect/jdbc/microsoft-jdbc-driver-for-sql-server-support-matrix?view=sql-server-ver16
I should be able to use com.microsoft.sqlserver:mssql-jdbc:11.2.0.jre17 also downgrading major versions also get the same result.
I'm able to connect the server using the same creds using intellij thats configured to use java 17 and using driver 11.2.1

I figured out the issue, since RHEL8 it has removed weak crypto algorithms. So, I had to update the Docker file to have RUN update-crypto-policies --set LEGACY, see also https://access.redhat.com/articles/3642912

SQL connectivity exceptions - The driver could not establish a secure connection to SQL Server by using Secure Sockets Layer (SSL) encryption

We are observing SQL Server connection is getting dropped with the below error
: com.microsoft.sqlserver.jdbc.SQLServerException: The driver could not establish a secure connection to SQL Server by using Secure Sockets Layer (SSL) encryption. Error: "SQL Server returned an incomplete response. The connection has been closed. ClientConnectionId:b928e7b0-689b-40f8-be3e-158261d0a84a".
Caused by: com.microsoft.sqlserver.jdbc.SQLServerException: The driver could not establish a secure connection to SQL Server by using Secure Sockets Layer (SSL) encryption. Error: "SQL Server returned an incomplete response. The connection has been closed. ClientConnectionId:b928e7b0-689b-40f8-be3e-158261d0a84a"
we are using sqljdbc42.jar in our application , MSSQL Server is MS SQL SERVER 2014 SP3 java version is 1.8
we cannot set to TLSv1 as mentioned in one of the resolution here SQL Server JDBC Error on Java 8: The driver could not establish a secure connection to SQL Server by using Secure Sockets Layer (SSL) encryption,
as a dependent application needs TLSv2 for it to work.
As per microsoft, jdbc 4.2 jar should resolve it , but we are already on it. https://blogs.msdn.microsoft.com/dataaccesstechnologies/2016/11/30/intermittent-jdbc-connectivity-issue-the-driver-could-not-establish-a-secure-connection-to-sql-server-by-using-secure-sockets-layer-ssl-encryption-error-sql-server-returned-an-incomplete-respons/
Please share suggestions or inputs you may have implemented for a similar problem.
Thanks,
Nivedita

Did you try the registry change mentioned in option 2 of the microsoft article?
Disable DHE cipher suites :
Warning: If you use Registry Editor incorrectly, you may cause serious problems that may require you to reinstall your operating system. Microsoft cannot guarantee that you can solve problems that result from using Registry Editor incorrectly. Use Registry Editor at your own risk.
Open Registry Editor.
Access key exchange algorithm settings by navigating to the following registry location:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\KeyExchangeAlgorithms
Select the Diffie-Hellman sub key (if it does not exist, then create
it).
Set the Enabled DWORD registry value to 0 (if it does not
exist, then create it).
Exit Registry Editor.
Impact of the workaround: Encrypted TLS sessions that rely on DHE keys will no longer function unless alternative failover options have been implemented.
https://technet.microsoft.com/en-us/library/security/ms15-055.aspx

The driver could not establish a secure connection to SQL Server by using Secure Sockets Layer

When my java application tries to connect to SQL SERVER, I get the following error and I don't know the reason.
HTTP Status 401 - Could not get JDBC Connection; nested exception is
com.microsoft.sqlserver.jdbc.SQLServerException: The driver could not
establish a secure connection to SQL Server by using Secure Sockets
Layer (SSL) encryption. Error: "java.security.ProviderException:
java.security.KeyException".
ClientConnectionId:59b52e56-bf2d-4476-a71b-e520f7df81ef
I use a Centos 6.5, Java 7, Tomcat 7, SQL Server 2012.
Could someone can help solving this?

ExceptionInInitializerError on DriverManager with MS SQL Server

I'm trying to connect to a MS SQL Server DB using JDBC and on this line:
String connectionUrl = "jdbc:" + url + ";user=dummy;password=dummy;";
conn = DriverManager.getConnection(connectionUrl);
I'm getting this massive wall-of-text of an error:
Exception in thread "main" java.lang.ExceptionInInitializerError
at javax.crypto.JceSecurityManager.<clinit>(JceSecurityManager.java:65)
at javax.crypto.Cipher.getConfiguredPermission(Cipher.java:2543)
at javax.crypto.Cipher.getMaxAllowedKeyLength(Cipher.java:2567)
at sun.security.ssl.CipherSuite$BulkCipher.isAvailable(CipherSuite.java:548)
at sun.security.ssl.CipherSuite$BulkCipher.isAvailable(CipherSuite.java:527)
at sun.security.ssl.CipherSuite.isAvailable(CipherSuite.java:194)
at sun.security.ssl.SSLContextImpl.getApplicableCipherSuiteList(SSLContextImpl.java:350)
at sun.security.ssl.SSLContextImpl.getDefaultCipherSuiteList(SSLContextImpl.java:308)
at sun.security.ssl.SSLSocketImpl.init(SSLSocketImpl.java:607)
at sun.security.ssl.SSLSocketImpl.<init>(SSLSocketImpl.java:549)
at sun.security.ssl.SSLSocketFactoryImpl.createSocket(SSLSocketFactoryImpl.java:110)
at com.microsoft.sqlserver.jdbc.TDSChannel.enableSSL(IOBuffer.java:1606)
at com.microsoft.sqlserver.jdbc.SQLServerConnection.connectHelper(SQLServerConnection.java:1323)
at com.microsoft.sqlserver.jdbc.SQLServerConnection.login(SQLServerConnection.java:991)
at com.microsoft.sqlserver.jdbc.SQLServerConnection.connect(SQLServerConnection.java:827)
at com.microsoft.sqlserver.jdbc.SQLServerDriver.connect(SQLServerDriver.java:1012)
at java.sql.DriverManager.getConnection(DriverManager.java:664)
at java.sql.DriverManager.getConnection(DriverManager.java:270)
at BusinessManager.Session.<init>(Session.java:33)
at BusinessManager.BusinessManager.getSession(BusinessManager.java:172)
at example.Example.ConfigureEnvironment(Example.java:198)
at example.Example.main(Example.java:50)
Caused by: java.lang.SecurityException: Can not initialize cryptographic mechanism
at javax.crypto.JceSecurity.<clinit>(JceSecurity.java:89)
... 22 more
Caused by: java.lang.SecurityException: Cannot locate policy or framework files!
at javax.crypto.JceSecurity.setupJurisdictionPolicies(JceSecurity.java:254)
at javax.crypto.JceSecurity.access$000(JceSecurity.java:48)
at javax.crypto.JceSecurity$1.run(JceSecurity.java:81)
at java.security.AccessController.doPrivileged(Native Method)
at javax.crypto.JceSecurity.<clinit>(JceSecurity.java:78)
... 22 more
I've followed a couple of links, made sure both server and client are using the same JDK (1.8.0_20).
I've also downloaded the "JCE Unlimited Strength Jurisdiction Policy Files" and placed them in the JDK. I've also followed this link but I'm not sure whether I should be meddling with the JDK's "java.policy" files...

My guess based on the error is that you are attempting to connect to SQL with an SSL encrypted session but are using a self-signed certificate on the SQL Server. Per Connecting with SSL Encryption:
When the encrypt property is set to true and the
trustServerCertificate property is set to true, the Microsoft JDBC
Driver for SQL Server will not validate the SQL Server SSL
certificate. This is usually required for allowing connections in test
environments, such as where the SQL Server instance has only a self
signed certificate.
Try using:
String connectionUrl = "jdbc:" + url + ";user=dummy;password=dummy;encrypt=true;trustServerCertificate=true;";
Also, your url variable contents should start with sqlserver://.

Cannot connect to MSSQL due to Login-based server access validation failed with an infrastructure error

I have an application (web application) written in Java and database on MS SQL. Both, Tomcat (with application) and database server are on my localhost.
I'm trying run an application but in Java logs I have:
org.apache.commons.dbcp.SQLNestedException: Cannot create PoolableConnectionFactory (Login failed for user 'some-user'.)
Caused by: java.sql.SQLException: Login failed for user 'some-user'.
In database logs error looks like:
Logon Error: 18456, Severity: 14, State: 12.
Logon Login failed for user 'some-user'. Reason: Login-based server access validation failed with an infrastructure error. Check for previous errors. [CLIENT: 127.0.0.1]
When I'm tying login to server via Microsoft SQL Server Managment Studio (choosing "SQL Server Authentication") everything is OK.
But with the same credentials my Java application cannot login.
Additional informations:
My connection url is jdbc:jtds:sqlserver://127.0.0.1:1434/some-db
some-user has a public server role and two database roles membership for some-db (db_datawriter and public). Default schema for some-user is db_datawriter.
Additionally some-user has some-db as a default database.

Why are you connecting to port 1434? The default port is TCP 1433 for the database instance; UDP 1434 is used for the browser service, which I suspect is only supported by Microsoft client libraries (I could be wrong, though).