[MDEV-24492] JDBC - The driver could not establish a secure connection to SQL Server by using Secure Sockets Layer (SSL) encryption Created: 2020-12-27  Updated: 2021-01-28  Resolved: 2021-01-28

Status: Closed
Project: MariaDB Server
Component/s: Storage Engine - Connect
Affects Version/s: 10.5.8
Fix Version/s: 10.5.8

Type: Bug Priority: Major
Reporter: Andrey Assignee: Anel Husakovic
Resolution: Not a Bug Votes: 0
Labels: None
Environment:

RedHat 8/Centos 8


 Description   

Good afternoon, this question probably has little to do with Connect Engine, rather more to connect via JDBC in General. However, I noticed one nuance that when I try to create a connection to MSSQL via JDBC, through the created server:

CREATE OR REPLACE SERVER 'mssql_server' FOREIGN DATA WRAPPER 'jdbc' OPTIONS (
 
  HOST 'jdbc:sqlserver://mssql-server:1433',
 
  DATABASE 'sample_db',
 
  USER 'sample_user',
 
  PASSWORD 'sample_user'
 
);
 
 
 
CREATE OR REPLACE TABLE sample_database.table_from_mssql (
 
  guid CHAR(36))
 
ENGINE=connect TABLE_TYPE=jdbc CONNECTION='mssql_server/sample.dbo.t_table' OPTION_LIST='scrollable=1';

Next, when I try to view the contents of the created table, I get an error

Error SQL (1296): Got error 174 'Connecting: com.microsoft.sqlserver.jdbc.SQLServerException: The driver could not establish a secure connection to SQL Server by using Secure Sockets Layer (SSL) encryption. Error: "Server chose TLSv1' from CONNECT

And this error seems to only apply to MSSQL, because the JDBC driver for Oracle and MariaDB does not have such problems

Maybe someone has experience in solving this problem?
It is worth noting that for some reason there is no such problem in RedHat 7/Centos 7 :/

 Comments   
Comment by Andrey [ 2020-12-27 ]

Little bit change create table command:

CREATE OR REPLACE TABLE sample_database.table_from_mssql (guid CHAR(36))
 
ENGINE=CONNECT 
TABLE_TYPE=JDBC 
TABNAME='dbo.t_table'  
CONNECTION='jdbc:sqlserver://mssql-server:1433;databaseName=sample_db;encrypt=true;trustServerCertificate=true;' 
OPTION_LIST='USER=sample_user,PASSWORD=sample_user';

And now I have next error

Error SQL (1105): Connecting: com.microsoft.sqlserver.jdbc.SQLServerException: The driver could not establish a secure connection to SQL Server by using Secure Sockets Layer (SSL) encryption. Error: "The server selected protocol version TLS10 is not accepted by client preferences [TLS12]". ClientConnectionId:d9f83d17-9215-43c7-a3a2-a841faa05f83 rc=-2

It seems that my MS SQL server runs on the TLS 1.0 Protocol, while OpenJDK on the Mariadb server side through JDBC tries to access only the TLS1 Protocol.2

As a result, the MS SQL server rejects the client connection

Comment by Anel Husakovic [ 2021-01-28 ]

diego dupin seems this MDEV is related to CONJ project.

Comment by Andrey [ 2021-01-28 ]

I'm sorry, this is not a MariaDB issue, it turns out to be disabled TLS 1.0 support starting with CentOS 8 and Red Hat 8 by default.
Maybe it will be useful for someone in the future, in order to return it, you need to do:

update-crypto-policies --set LEGACY

Once again, I apologize

Comment by Anel Husakovic [ 2021-01-28 ]

Thanks strelkov.av for raising the issue and the workaround.

Generated at Thu Feb 08 09:30:23 UTC 2024 using Jira 8.20.16#820016-sha1:9d11dbea5f4be3d4cc21f03a88dd11d8c8687422.