Reputation: 53
Issue with disabling protocols in java.security file
I have springboot application deployed on jetty server and running on java 8. I want to force my application to use TLSv1.3 only. For this in the java.security file of jre I disabled all protocols except TLSv1.3 with below property:
jdk.tls.disabledAlgorithms=SSLv3, RC4, MD5withRSA, DH keySize < 1024, 3DES_EDE_CBC, DESede, \
EC keySize < 224, DES40_CBC, RC4_40, TLSv1, TLSv1.1, TLSv1.2
When I tried to start jetty, it gave me below error:
Caused by: com.microsoft.sqlserver.jdbc.SQLServerException: The driver could not establish a secure connection to SQL Server by using Secure Sockets Layer (SSL) encryption. Error: "No appropriate protocol, may be no appropriate cipher suite specified or protocols are deactivated". ClientConnectionId:de77b523-984a-4700-a19b-ccfd0407dfb4
at com.microsoft.sqlserver.jdbc.SQLServerConnection.terminate(SQLServerConnection.java:1748)
at com.microsoft.sqlserver.jdbc.TDSChannel.enableSSL(IOBuffer.java:1704)
at com.microsoft.sqlserver.jdbc.SQLServerConnection.connectHelper(SQLServerConnection.java:1401)
at com.microsoft.sqlserver.jdbc.SQLServerConnection.login(SQLServerConnection.java:1068)
at com.microsoft.sqlserver.jdbc.SQLServerConnection.connectInternal(SQLServerConnection.java:904)
at com.microsoft.sqlserver.jdbc.SQLServerConnection.connect(SQLServerConnection.java:451)
at com.microsoft.sqlserver.jdbc.SQLServerDriver.connect(SQLServerDriver.java:1014)
at com.zaxxer.hikari.util.DriverDataSource.getConnection(DriverDataSource.java:138)
at com.zaxxer.hikari.pool.PoolBase.newConnection(PoolBase.java:364)
at com.zaxxer.hikari.pool.PoolBase.newPoolEntry(PoolBase.java:206)
at com.zaxxer.hikari.pool.HikariPool.createPoolEntry(HikariPool.java:476)
at com.zaxxer.hikari.pool.HikariPool.checkFailFast(HikariPool.java:561)
I am not using secure connection to DB. Below is application.properties file entry for DB:
spring.datasource.url=jdbc:sqlserver://172.20.186.175:1433;Databasename=DB_Jan_2023_new;SendStringParametersAsUnicode=false
spring.datasource.username=sa
spring.datasource.password={ENC}ACED0005740003414553757200025B42ACF317F8060854E0020000787000000008E3425FF8F9E058D0737200116A6176612E6C616E672E496E746567657212E2A0A4F781873802000149000576616C7565787200106A6176612E6C616E672E4E756D62657286AC951D0B94E08B0200007870000008007571007E000100000010B2E212D690ECC67BC4663C4DFEE3542C74000456322E30
spring.datasource.driverClassName=com.microsoft.sqlserver.jdbc.SQLServerDriver
spring.jpa.hibernate.dialect=org.hibernate.dialect.SQLServer2012Dialect
- Q1. I am not sure why it is giving this error though I am not using secure connection.
- Q2. Also, is this the right way to move application to TLSv1.3 or there are some more steps ?
- Q3. How can I check if my application moved to TLSv1.3 ?
Upvotes: 0
Views: 271
Answers (1)
Reputation: 46241
SQL Server TDS protocol version 8 is required for TLS 1.3 per the documentation. TDS 8 was introduced with SQL Server 2022 and is not available in other versions. Furthermore, only the latest ODBC and OLEDB client drivers have added support for TDS 8 as of this writing. TLS 1.3 not yet available with the Microsoft JDBC driver.
Upvotes: 1
Related Questions
- IntelliJ no "watches" tab in debugging
- Android Studio stuck at "Analyzing..."
- Missing Debugger tab in Android Studio
- Breakpoint does not belong to any class
- Cannot watch Kotlin variable in android studio
- Android Studio 4.1 debugger break points not working
- AndroidStudio 4.1 stable. Problem with the debugger
- Missing debug tab in Android Studio
- Android Studio Debug Watch pane is missing
- Android Studio 1.5 with Kotlin Plugin got exception, when is in debugger mode. How to fix it?