  1. MariaDB Server
  2. MDEV-24492

JDBC - The driver could not establish a secure connection to SQL Server by using Secure Sockets Layer (SSL) encryption

Details

    Description

      Good afternoon. This question probably has little to do with the CONNECT engine and more to do with connecting via JDBC in general. However, I noticed one nuance when I try to create a connection to MSSQL via JDBC, through the created server:

      CREATE OR REPLACE SERVER 'mssql_server' FOREIGN DATA WRAPPER 'jdbc' OPTIONS (
        HOST 'jdbc:sqlserver://mssql-server:1433',
        DATABASE 'sample_db',
        USER 'sample_user',
        PASSWORD 'sample_user'
      );
       
      CREATE OR REPLACE TABLE sample_database.table_from_mssql (
        guid CHAR(36))
      ENGINE=connect TABLE_TYPE=jdbc CONNECTION='mssql_server/sample.dbo.t_table' OPTION_LIST='scrollable=1';
      

      Next, when I try to view the contents of the created table, I get an error:

      Error SQL (1296): Got error 174 'Connecting: com.microsoft.sqlserver.jdbc.SQLServerException: The driver could not establish a secure connection to SQL Server by using Secure Sockets Layer (SSL) encryption. Error: "Server chose TLSv1' from CONNECT

      And this error seems to apply only to MSSQL, because the JDBC drivers for Oracle and MariaDB do not have such problems.

      Maybe someone has experience in solving this problem?
      It is worth noting that for some reason there is no such problem on Red Hat 7/CentOS 7 :/

        Activity

          strelkov.av Andrey added a comment - - edited

          I changed the create table command a little bit:

          CREATE OR REPLACE TABLE sample_database.table_from_mssql (guid CHAR(36))
          ENGINE=CONNECT 
          TABLE_TYPE=JDBC 
          TABNAME='dbo.t_table'  
          CONNECTION='jdbc:sqlserver://mssql-server:1433;databaseName=sample_db;encrypt=true;trustServerCertificate=true;' 
          OPTION_LIST='USER=sample_user,PASSWORD=sample_user';

          And now I get the next error:

          Error SQL (1105): Connecting: com.microsoft.sqlserver.jdbc.SQLServerException: The driver could not establish a secure connection to SQL Server by using Secure Sockets Layer (SSL) encryption. Error: "The server selected protocol version TLS10 is not accepted by client preferences [TLS12]". ClientConnectionId:d9f83d17-9215-43c7-a3a2-a841faa05f83 rc=-2

          It seems that my MS SQL server runs on the TLS 1.0 protocol, while OpenJDK on the MariaDB server side, through JDBC, tries to use only the TLS 1.2 protocol.

          As a result, the MS SQL server rejects the client connection.


          anel Anel Husakovic added a comment -

          diego dupin seems this MDEV is related to CONJ project.

          strelkov.av Andrey added a comment -

          I'm sorry, this is not a MariaDB issue; it turns out that TLS 1.0 support is disabled by default starting with CentOS 8 and Red Hat 8.
          Maybe it will be useful for someone in the future: in order to bring it back, you need to run:

          update-crypto-policies --set LEGACY
          

          Once again, I apologize
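
Added example, not part of the original thread: a check of which TLS versions a crypto-policy file still permits for Java, useful before and after a policy change like the one above. It assumes the RHEL/CentOS 8 layout in which the system OpenJDK takes `jdk.tls.disabledAlgorithms` from `/etc/crypto-policies/back-ends/java.config`; the sample policy contents are constructed and shortened, and `protocol_disabled` and `allowed_protocols` are names made up for this example.

```shell
#!/bin/sh
# Added example (not from the issue). Assumed path: RHEL/CentOS 8 back-end file
# from which the system OpenJDK reads jdk.tls.disabledAlgorithms.
JAVA_POLICY=${JAVA_POLICY:-/etc/crypto-policies/back-ends/java.config}

# protocol_disabled FILE PROTO: succeeds if PROTO is an exact entry of
# jdk.tls.disabledAlgorithms in FILE ("TLSv1" must not match "TLSv1.1").
protocol_disabled() {
    sed -n 's/^[[:space:]]*jdk\.tls\.disabledAlgorithms[[:space:]]*=//p' "$1" |
        tail -n 1 | tr ',' '\n' |
        sed 's/^[[:space:]]*//; s/[[:space:]]*$//' |
        grep -Fxq -- "$2"
}

# allowed_protocols FILE: prints the TLS versions the policy still permits.
allowed_protocols() {
    out=
    for p in TLSv1 TLSv1.1 TLSv1.2 TLSv1.3; do
        protocol_disabled "$1" "$p" || out="$out $p"
    done
    echo "${out# }"
}

# Constructed, shortened sample policies standing in for DEFAULT and LEGACY.
SAMPLE_DIR=$(mktemp -d)
cat > "$SAMPLE_DIR/default.config" <<'EOF'
jdk.certpath.disabledAlgorithms=MD2, MD5, RSA keySize < 2048
jdk.tls.disabledAlgorithms=DH keySize < 2048, TLSv1.1, TLSv1, SSLv3, SSLv2, RC4_128
EOF
cat > "$SAMPLE_DIR/legacy.config" <<'EOF'
jdk.tls.disabledAlgorithms=DH keySize < 1023, SSLv2, SSLv3
EOF

echo "sample DEFAULT allows: $(allowed_protocols "$SAMPLE_DIR/default.config")"
echo "sample LEGACY allows:  $(allowed_protocols "$SAMPLE_DIR/legacy.config")"

# On a real host, report the active policy and what it leaves enabled for Java.
if [ -r "$JAVA_POLICY" ]; then
    command -v update-crypto-policies >/dev/null 2>&1 &&
        echo "active policy: $(update-crypto-policies --show)"
    echo "host allows: $(allowed_protocols "$JAVA_POLICY")"
fi
```

The policy set with `update-crypto-policies` is system-wide, so the result of this check applies to every application on the host that follows the policy, not only to the JDBC connection.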


          anel Anel Husakovic added a comment -

          Thanks strelkov.av for raising the issue and the workaround.
