'SQL Server JDBC Error on Java 8: The driver could not establish a secure connection to SQL Server by using Secure Sockets Layer (SSL) encryption

I am getting the following error when connecting to a SQL Server database using version the Microsoft JDBC Driver:

com.microsoft.sqlserver.jdbc.SQLServerException: The driver could not establish a secure connection to SQL Server by using Secure Sockets Layer (SSL) encryption. Error: "SQL Server returned an incomplete response. The connection has been closed. ClientConnectionId:98d0b6f4-f3ca-4683-939e-7c0a0fca5931".

We recently upgraded our applications from Java 6 & Java 7 to Java 8. All systems running Java are running SUSE Linux Enterprise Server 11 (x86_64), VERSION = 11, PATCHLEVEL = 3.

Here are the facts I have collected with a Java program that I wrote which simply sequentially opens and closes 1,000 database connections.

Connections are dropped with this error about 5%-10% of the time. The error DOES NOT occur on every connection.
The problem ONLY occurs with Java 8. I ran the same program on Java 7 and the problem is not reproducible. This is consistent with our experience in production prior to upgrading. We've had zero problems running under Java 7 in production.
The problem DOES NOT occur on all of our Linux servers running Java 8, it only occurs on some of them. This is perplexing to me, but when I run the same test program on the same version of the Linux JVM (1.8.0_60, 64 bit) on different Linux instances, the problem does not occur on one of the Linux instances, but the problem does occur on others. The Linux instances are running the same version of SUSE and they are at the same patch level.
The problem occurs when connecting to BOTH SQL Server 2008 and SQL Server 2014 servers/databases.
The problem occurs regardless if I am using the 4.0 version of the SQL Server JDBC driver or the newer 4.1 version of the driver.

The thing that makes my observations unique on this compared to others on the web is that although the problem happens ONLY on Java 8, I cannot get the problem to occur on one of the seemingly identical Linux servers that is running the same Java 8 JVM. Other folks have seen this problem on earlier versions of Java as well, but that has not been our experience.

Any input, suggestions, or observations you may have are appreciated.

Solution 1:^[1]

Your url should be like below and add sql sqljdbc42.jar. This will resolve your issue

url = "jdbc:sqlserver://" +serverName + ":1433;DatabaseName=" + dbName + ";encrypt=true;trustServerCertificate=true;

Solution 2:^[2]

Before you upgrade SQL JDBC Driver, check the compatibility first:

Sqljdbc.jar requires a JRE of 5 and supports the JDBC 3.0 API
Sqljdbc4.jar requires a JRE of 6 and supports the JDBC 4.0 API
Sqljdbc41.jar requires a JRE of 7 and supports the JDBC 4.1 API
Sqljdbc42.jar requires a JRE of 8 and supports the JDBC 4.2 API

Source: https://www.microsoft.com/en-us/download/details.aspx?id=11774

Solution 3:^[3]

This appears to have been fixed in version 4.2 of the MS SQL JDBC driver. I created a program where I connected to the server 1000 times, pausing 100ms between each attempt. With version 4.1 I was able to reproduce the problem every time, although it happened only sporadically. With version 4.2 I was unable to reproduce the problem.

Solution 4:^[4]

In case someone arrives here looking for a solution to connect to a database from PhpStorm, just add the following after the port in the URL:

;encrypt=true;trustServerCertificate=true;

I got the solution from this comment: SQL Server JDBC Error on Java 8: The driver could not establish a secure connection to SQL Server by using Secure Sockets Layer (SSL) encryption

Thank you so much! Can confirm it's working on PhpStorm 2022.1.1.

Solution 5:^[5]

In my case i had a sql server using the 3DES_EDE_CBC algorithm, this is disabled by default on jdk 1.8 , so checking the

/Library/Java/JavaVirtualMachines/adoptopenjdk-8.jdk/Contents/Home/jre/lib/security/java.security

And eliminating the algorithm from:

jdk.tls.disabledAlgorithms=SSLv3, RC4, DES, MD5withRSA, DH keySize < 1024, \ EC keySize < 224, 3DES_EDE_CBC, anon, NULL

Worked for me.

Solution 6:^[6]

Issue got resolved for me when I changed the sqljdbc-4.2.0 jar with mssql-jdbc-8.4.1 jar

<dependency>
      <groupId>com.microsoft.sqlserver</groupId>
      <artifactId>mssql-jdbc</artifactId>
      <version>8.4.1.jre8</version>
</dependency>

Solution 7:^[7]

Like @2Aguy wrote, you can change the JVM parameter. In my case I couldn't change it, and used the connection string "sslProtocol" parameter, lowering the connection to TLSV1.

Connection String: jdbc:sqlserver://<HOST>:<PORT>;encrypt=true;trustServerCertificate=true;sslProtocol=TLSv1;database=<DB NAME>

Solution 8:^[8]

Microsoft Recently open sourced their driver. One can see mssql-jdbc driver activity on GitHub. I guess latest preview version is 6.1.5.

Also you can find all preview versions on maven too. Supporting both JDK7 & JDK 8.

Solution 9:^[9]

I've also hit this issue on Windows Server 2012 R2, using JDBC driver 4.0 & 4.1 with Java 7. This Microsoft article pins the blame on DHE ciphersuites, and recommends disabling them or reducing their priority if you cannot upgrade to JDBC driver 4.2

Solution 10:^[10]

In my case, the issue was because the app was set to use spring-boot-ext-security-starter-credhub-credential and there were some issues with that setup.

So I removed credhub from the manifest file and pom and fetched credentials in a different way; then the error was gone.

Solution 11:^[11]

If the server name in the connection string does not match the server name in the SQL Server SSL certificate, the following error will be issued: The driver could not establish a secure connection to SQL Server by using Secure Sockets Layer (SSL) encryption. Error: "java.security.cert.CertificateException: Failed to validate the server name in a certificate during Secure Sockets Layer (SSL) initialization."

This helped me resolve the issue. Was using the localhost in servername, finally changing in jdbc connection string to the same name as the CN was able to connect.

Refer: https://wiki.deepnetsecurity.com/pages/viewpage.action?pageId=1410867 for more info

Solution 12:^[12]

Thanks to @Sunil Kumar and @Joce. I used the jar and below syntax:

String myDriver = "com.microsoft.jdbc.sqlserver.SQLServerDriver";

String myURL = "jdbc:sqlserver://DB_ipaddress\DB_instance;databaseName=DB_name;user=myusername; password=mypass;encrypt=true;trustServerCertificate=true;"; /==> here the semicolon will be twice like shown/

Connection con = DriverManager.getConnection(myURL);

Solution 13:^[13]

I had this issue recently after doing a yum update in a client's server running RedHat 7. Since the above thread did not help me resolve my issue, I am posting this answer.

Issue:- Yum update in RedHat automatically reinstalls OpenJDK , my applications use oracle JDK. Verifying Default JDK:

java version Switch the default version:

update-alternatives --config java

There are 2 programs which provide 'java'.

Selection Command

1 java-1.8.0-openjdk.x86_64 (/usr/lib/jvm/java-1.8.0-openjdk-1.8.0.302.b08-0.el7_9.x86_64/jre/bin/java)

2 /usr/java/jdk1.8.0_181-amd64/jre/bin/java

Enter to keep the current selection[+], or type selection number:

Enter the number alongside the appropriate version you want to us and hit enter.

Solution 14:^[14]

I have fixed the issue on my local enviroment, it mainly contains two steps below.

Switch the JDBC Driver dependency like below if your project is built by maven:

<dependency>
  <groupId>net.sourceforge.jtds</groupId>
  <artifactId>jtds</artifactId>
  <version>1.3.1</version>
</dependency>

2.Replace the Driver Class Name additionally:

ru.yandex.clickhouse.ClickHouseDriver

3.Modify the JDBC URL like this:

jdbc:jtds:sqlserver://xxxx:1433;databaseName=xxx

Solution 15:^[15]

I have also faced same issue while creating connection to the database with below connection string.

DriverManager.getConnection("jdbc:sqlserver://" + host + ":" + port + ";databaseName=" + dbName + ";user=" + userName + ";password=" + password);

After updating connection string as below, it worked.

Connection con = DriverManager.getConnection("jdbc:sqlserver://" + host + ":" + port + ";databaseName=" + dbName + ";encrypt=true;trustServerCertificate=true;user=" + userName + ";password=" + password);

here i have added encrypt=true;trustServerCertificate=true after the database name.

Solution 16:^[16]

application.properties:

    spring.datasource.url=jdbc:sqlserver://YourServerName:1433;database=<YourDatabaseName>;encrypt=true;trustServerCertificate=true;
    spring.datasource.username=root
    spring.datasource.password=1234
    spring.datasource.driverClassName=com.microsoft.sqlserver.jdbc.SQLServerDriver
    spring.jpa.show-sql=true
    spring.jpa.hibernate.dialect=org.hibernate.dialect.SQLServer2012Dialect
    spring.jpa.properties.hibernate.globally_quoted_identifiers=true
    spring.jpa.hibernate.ddl-auto = create-drop

Sources

This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.

Source: Stack Overflow

Solution	Source
Solution 1	joce
Solution 2	baudsp
Solution 3	Bampfer
Solution 4	RepentAndBelieveTheGospel
Solution 5	cabaji99
Solution 6	Ruhul Hussain
Solution 7
Solution 8	Nikhil
Solution 9	coolhand
Solution 10	eby
Solution 11	yolob 21
Solution 12	Application Automation
Solution 13	Martin Karari
Solution 14	Leo
Solution 15	Sandeep Patel
Solution 16	Sachith Muhandiram

'SQL Server JDBC Error on Java 8: The driver could not establish a secure connection to SQL Server by using Secure Sockets Layer (SSL) encryption

Solution 1:[1]

Solution 2:[2]

Solution 3:[3]

Solution 4:[4]

Solution 5:[5]

Solution 6:[6]

Solution 7:[7]

Solution 8:[8]

Solution 9:[9]

Solution 10:[10]

Solution 11:[11]

Solution 12:[12]

Solution 13:[13]