websphere + SSLv3 SSLContext not available

Question

I have a java application that is using hibernate to do a JNDI lookup for the datasource in Websphere Application Server which then talks to a MSSQL database.

The security team has recently patched the Websphere server 8.5.5.4 to disable SSLv3.

As such I'm getting a com.ibm.websphere.ce.cm.StaleConnectionException: The driver could not establish a secure connection to SQL Server by using Secure Sockets Layer (SSL) encyption. Error: "SSLv3 SSLContext not available".

Before this, I could access the data without any issues.

What can I do to overcome this issue? Do I need to configure the application to use TLS?

I'm using Hibernate 4.3.7.

The hibernate config looks like this.

<hibernate-configuration>
    <session-factory>
    <property name="hibernate.connection.driver_class">net.sourceforge.jtds.jdbc.Driver</property>
    <property name="connection.datasource">jdbc/testing</property>
    <property name="hibernate.dialect">org.hibernate.dialect.SQLServerDialect</property>
    <mapping resource="myApplication.hbm.xml" />
    </session-factory>
</hibernate-configuration>

Any help would be greatly appreciated.

Answer 1

Maybe you should look at the MSSQL side to check whether TLS (at least 1.0 version) is supported. If not try to enable it.

Otherwise a (not recommended from security view) fix is to enable SSLv3 temporarily by using the following JVM argument until you find a way to communicate through TLS:

-Dcom.ibm.jsse2.disableSSLv3=false

Answer 2

I found a solution. Try updating your sqljdbc4.jar file - it turns out mine was outdated. Alternatively, I also got it running with the solution by @trikelef that enables SSLv3 - but this opens security issues.

Answer 3

I have this issue yesterday.

I solved it by using sqljdbc4.jar instead of sqljdbc4.1 and it works fine.