Unable to connect to SQLServer because of SSLException


Solution 1

I hit the same problem this morning, when some unit tests started to fail. I noticed that I was compiling the project with a 1.6 JDK; changing that to 1.7.0_79 made the problem go away.

Not sure what the root cause of the problem is though, haven't had time to investigate further.

Solution 2

This issue is related to Oracle JDK and the export policies by the US government.

Corresponding unlimited JCE-files can be found here: http://www.oracle.com/technetwork/java/javase/downloads/jce8-download-2133166.html

Extract the zip and replace local_policy.jar and US_export_policy.jar in jre/lib/security.

Solution 3

I had the same issue start today. Connecting with a Java application (working on Tuesday) but not able to use the same application today (Thursday). I have Windows 10 with automatic software updates and I am running Microsoft SQL Server 2014 (2014 Express 12.0.2000.8). I confirmed the protocols (SQL Server Configuration Manager > SQL Server Network Configuration > Protocols for SQLEXPRESS (Properties) . Force Encryption = "No"). I rolled back Windows KB3163018 and restarted the computer and was able to connect.

Author by

Sparwer

Updated on August 15, 2020

Comments

  • Sparwer
    Sparwer almost 4 years

    Since yesterday I'm unable to connect to the Microsoft SQLServer (v11.1.3000.0) on my local development machine from JBoss EAP 6.2. SQLServer now wants to connect using SSL.

    I get the following exception:

    Caused by: com.microsoft.sqlserver.jdbc.SQLServerException: The driver could not establish a secure connection to SQL Server by using Secure Sockets Layer (SSL) encryption. Error: "java.lang.RuntimeException: Could not generate DH keypair". ClientConnectionId:da0dbbf4-33a0-45ac-9885-fa1e31c47c6e
            at com.microsoft.sqlserver.jdbc.SQLServerConnection.terminate(SQLServerConnection.java:1667)
            at com.microsoft.sqlserver.jdbc.TDSChannel.enableSSL(IOBuffer.java:1668)
            at com.microsoft.sqlserver.jdbc.SQLServerConnection.connectHelper(SQLServerConnection.java:1323)
            at com.microsoft.sqlserver.jdbc.SQLServerConnection.login(SQLServerConnection.java:991)
            at com.microsoft.sqlserver.jdbc.SQLServerConnection.connect(SQLServerConnection.java:827)
            at com.microsoft.sqlserver.jdbc.SQLServerDriver.connect(SQLServerDriver.java:1012)
            at org.jboss.jca.adapters.jdbc.local.LocalManagedConnectionFactory.getLocalManagedConnection(LocalManagedConnectionFactory.java:260)
            ... 28 more
    Caused by: javax.net.ssl.SSLException: java.lang.RuntimeException: Could not generate DH keypair
            at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:190) [jsse.jar:1.6]
            at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1747) [jsse.jar:1.6]
            at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1708) [jsse.jar:1.6]
            at com.sun.net.ssl.internal.ssl.SSLSocketImpl.handleException(SSLSocketImpl.java:1691) [jsse.jar:1.6]
            at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1222) [jsse.jar:1.6]
            at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1199) [jsse.jar:1.6]
            at com.microsoft.sqlserver.jdbc.TDSChannel.enableSSL(IOBuffer.java:1618)
            ... 33 more
    Caused by: java.lang.RuntimeException: Could not generate DH keypair
            at com.sun.net.ssl.internal.ssl.DHCrypt.<init>(DHCrypt.java:114) [jsse.jar:1.6]
            at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverKeyExchange(ClientHandshaker.java:559) [jsse.jar:1.6]
            at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:186) [jsse.jar:1.6]
            at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Handshaker.java:593) [jsse.jar:1.6]
            at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Handshaker.java:529) [jsse.jar:1.6]
            at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:943) [jsse.jar:1.6]
            at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1188) [jsse.jar:1.6]
            at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1215) [jsse.jar:1.6]
            ... 35 more
    Caused by: java.security.InvalidAlgorithmParameterException: Prime size must be multiple of 64, and can only range from 512 to 1024 (inclusive)
            at com.sun.crypto.provider.DHKeyPairGenerator.initialize(DashoA13*..) [sunjce_provider.jar:1.6]
            at java.security.KeyPairGenerator$Delegate.initialize(KeyPairGenerator.java:627) [rt.jar:1.6.0_45]
            at com.sun.net.ssl.internal.ssl.DHCrypt.<init>(DHCrypt.java:107) [jsse.jar:1.6]
            ... 42 more
    

    When I connect to the SQLServer (11.0.2100.60) on our test environment everything works fine.

    I've done the following:

    - Made sure I have the right JCE libs in my Java 6 JRE
    - Updated the sqljdbc4.jar
    - Read: Java: Why does SSL handshake give 'Could not generate DH keypair' exception?

    I haven't tried the workaround from the article above. I'd much rather stop SQLServer from demanding SSL.

    How can I stop SQLServer from demanding an SSL connection? Or fix my configuration? And how could this just happen? Was there an automatic update of SQLServer?
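
The `InvalidAlgorithmParameterException` at the bottom of the trace above is the JRE's DH key pair generator rejecting the prime size it was given during the server key exchange. The following diagnostic is an added example, not part of the original question or answers: it reports which DH sizes the running JRE accepts and which DHE cipher suites it enables by default. The class name `DhLimitCheck` and the sample sizes are assumptions, and it assumes the default SunJCE provider, which validates the size in `initialize()`.

```java
import java.security.InvalidParameterException;
import java.security.KeyPairGenerator;
import java.util.ArrayList;
import java.util.List;
import javax.net.ssl.SSLContext;

/** Added diagnostic (hypothetical class name): reports DH limits of the running JRE. */
public class DhLimitCheck {

    /** True if this JRE's DH KeyPairGenerator accepts the given prime size in bits. */
    static boolean supportsDhSize(int bits) throws Exception {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("DH");
        try {
            // initialize() only validates the size here; no key pair is generated,
            // so the check returns quickly even for large sizes.
            kpg.initialize(bits);
            return true;
        } catch (InvalidParameterException e) {
            return false;
        }
    }

    /** Cipher suites enabled by default that use ephemeral DH key exchange. */
    static List<String> defaultDheSuites() throws Exception {
        List<String> dhe = new ArrayList<String>();
        String[] suites = SSLContext.getDefault().getDefaultSSLParameters().getCipherSuites();
        for (String s : suites) {
            // Matches SSL_DHE_* and TLS_DHE_* but not TLS_ECDHE_* suites.
            if (s.contains("_DHE_")) {
                dhe.add(s);
            }
        }
        return dhe;
    }

    public static void main(String[] args) throws Exception {
        System.out.println("java.version = " + System.getProperty("java.version"));
        int[] sizes = {1024, 2048, 3072, 4096}; // sample sizes chosen for this example
        for (int bits : sizes) {
            System.out.println("DH " + bits + " bits: "
                    + (supportsDhSize(bits) ? "supported" : "rejected"));
        }
        System.out.println("DHE suites enabled by default: " + defaultDheSuites());
    }
}
```

Run it with the same JRE that JBoss uses; a "rejected" line for a size the server offers, combined with a non-empty DHE suite list, matches the failure shown in the trace.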