2

We are observing that the SQL Server connection is getting dropped with the below error: com.microsoft.sqlserver.jdbc.SQLServerException: The driver could not establish a secure connection to SQL Server by using Secure Sockets Layer (SSL) encryption. Error: "SQL Server returned an incomplete response. The connection has been closed. ClientConnectionId:b928e7b0-689b-40f8-be3e-158261d0a84a".

Caused by: com.microsoft.sqlserver.jdbc.SQLServerException: The driver could not establish a secure connection to SQL Server by using Secure Sockets Layer (SSL) encryption. Error: "SQL Server returned an incomplete response. The connection has been closed. ClientConnectionId:b928e7b0-689b-40f8-be3e-158261d0a84a"

We are using sqljdbc42.jar in our application, MSSQL Server is MS SQL SERVER 2014 SP3, and the Java version is 1.8.

We cannot set it to TLSv1, as mentioned in one of the resolutions here (SQL Server JDBC Error on Java 8: The driver could not establish a secure connection to SQL Server by using Secure Sockets Layer (SSL) encryption), as a dependent application needs TLSv2 for it to work.

As per Microsoft, the JDBC 4.2 jar should resolve it, but we are already on it. https://blogs.msdn.microsoft.com/dataaccesstechnologies/2016/11/30/intermittent-jdbc-connectivity-issue-the-driver-could-not-establish-a-secure-connection-to-sql-server-by-using-secure-sockets-layer-ssl-encryption-error-sql-server-returned-an-incomplete-respons/

Please share suggestions or inputs you may have implemented for a similar problem.

Thanks, Nivedita

Nivedita Dixit

1 Answer

0

Did you try the registry change mentioned in option 2 of the Microsoft article?

  • Disable DHE cipher suites:

Warning: If you use Registry Editor incorrectly, you may cause serious problems that may require you to reinstall your operating system. Microsoft cannot guarantee that you can solve problems that result from using Registry Editor incorrectly. Use Registry Editor at your own risk.

  1. Open Registry Editor.
  2. Access key exchange algorithm settings by navigating to the following registry location: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\KeyExchangeAlgorithms
  3. Select the Diffie-Hellman sub key (if it does not exist, then create it).
  4. Set the Enabled DWORD registry value to 0 (if it does not exist, then create it).
  5. Exit Registry Editor.

Impact of the workaround: Encrypted TLS sessions that rely on DHE keys will no longer function unless alternative failover options have been implemented.

https://technet.microsoft.com/en-us/library/security/ms15-055.aspx

jacosta
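The registry steps in the answer above, scripted for an elevated PowerShell session on the SQL Server host. This is an added example, not part of the answer or of the Microsoft article; the backup file location and the helper name `Get-DheState` are assumptions, while the key path and value come from the steps quoted above.

```powershell
#Requires -RunAsAdministrator
[CmdletBinding(SupportsShouldProcess)]
param(
    # Assumed backup location for the exported key; change as needed.
    [string]$BackupFile = "$env:TEMP\schannel-kex-backup.reg"
)

# Key and value taken from the steps quoted in the answer.
$regPath = 'HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\KeyExchangeAlgorithms'
$parent  = "HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\KeyExchangeAlgorithms"
$dhKey   = Join-Path $parent 'Diffie-Hellman'

# Hypothetical helper: describe the current setting without changing anything.
function Get-DheState {
    if (-not (Test-Path $dhKey)) { return 'Diffie-Hellman key absent (OS default applies)' }
    $p = Get-ItemProperty -Path $dhKey -Name Enabled -ErrorAction SilentlyContinue
    if ($null -eq $p) { return 'Enabled value absent (OS default applies)' }
    return "Enabled = $($p.Enabled)"
}

Write-Host "Before: $(Get-DheState)"

# Run with -WhatIf first to see what would change without touching the registry.
if ($PSCmdlet.ShouldProcess($dhKey, 'Set Enabled (DWORD) = 0')) {
    # Export the existing settings so the change can be rolled back with "reg import".
    if (Test-Path $parent) {
        reg.exe export $regPath $BackupFile /y | Out-Null
        Write-Host "Backup written to $BackupFile"
    }

    # Step 3: create the Diffie-Hellman subkey if it does not exist.
    if (-not (Test-Path $dhKey)) { New-Item -Path $dhKey -Force | Out-Null }

    # Step 4: create or overwrite the Enabled DWORD with 0.
    New-ItemProperty -Path $dhKey -Name Enabled -PropertyType DWord -Value 0 -Force | Out-Null
}

Write-Host "After:  $(Get-DheState)"

# Impact, as stated in the quoted advisory: TLS sessions that rely on DHE keys
# stop working on this host unless the peers can negotiate another key exchange.
# SCHANNEL settings are normally picked up after a restart, so plan one.
```

To roll back, import the exported file with `reg import` and remove the `Enabled` value if it did not exist before the change.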