Java 1.8.0在JDBC连接中启用TLS1.2 [英] Java 1.8.0 enable TLS1.2 in JDBC connection

问题描述

我有一个SQL Server 2014更新为最新的修订包( 12.0.5207 ).在环境中，唯一启用的协议是TLS1.2(已为此目的设置了注册表项).我可以使用Management Studio在本地和远程使用SA帐户连接到SQL Server.

I have an SQL Server 2014 updated to the latest fixpack (12.0.5207). In the environment, the only protocol enabled is TLS1.2 (the registry keys has been set for the purpose). I can connect to the SQL server using the SA account both locally and remotely using Management Studio.

但是，当我尝试使用Java代码和JDBC驱动程序 sqljdbc42.jar 建立与SQL Server的连接时，会引发以下异常:

However when I try establishing a connection to the SQL server using java code and the JDBC driver sqljdbc42.jar the following exception is thrown:

驱动程序无法通过以下方式建立与SQL Server的安全连接: 使用安全套接字层(SSL)加密.错误:"SQL Server执行了 不返回响应.连接已关闭.

The driver could not establish a secure connection to SQL Server by using Secure Sockets Layer (SSL) encryption. Error: "SQL Server did not return a response. The connection has been closed.

以下是Java代码:

public static void main(String[] args) 
{
    try 
    {
        Class.forName("com.microsoft.sqlserver.jdbc.SQLServerDriver");
    }
    catch (ClassNotFoundException e) 
    {
        System.out.println( e.toString() ); 
    }

    String connectionUrl =  "jdbc:sqlserver://localhost:1433;" +  
                            "databaseName=TRCDB;user=sa;password=**********;";  
    try 
    {
        Connection con = DriverManager.getConnection(connectionUrl);
    } 
    catch (SQLException e) 
    {
        System.out.println( e.toString() ); 
    } 
}

启动JVM时，将传递以下选项:

When the JVM is launched the following option are passed:

-Djavax.net.debug=all -Djdk.tls.client.protocols="TLSv1.2" -Dhttps.protocols="TLSv1.2"

因此，尽管仅启用了TLSv1.2，但仍使用TLSv1完成了客户端问候":

So although only TLSv1.2 is enabled the "Client Hello" is done using TLSv1:

jdk.tls.client.protocols is defined as TLSv1.2 SSLv3 protocol was requested but was not enabled 
SUPPORTED: [TLSv1, TLSv1.1, TLSv1.2] 
SERVER_DEFAULT: [TLSv1, TLSv1.1, TLSv1.2] 
CLIENT_DEFAULT: [TLSv1.2] 
...
*** ClientHello, TLSv1
...
main, WRITE: TLSv1 Handshake
...
main, called close()
main, called closeInternal(true)
main, SEND TLSv1.2 ALERT:  warning, description = close_notify
main, WRITE: TLSv1.2 Alert, length = 2

是 TLS 版本的根本原因吗? 如何强制 TLSv1.2 ?

Is it the TLS version the root cause of the problem? How can I force TLSv1.2?

推荐答案

Microsoft SQL Server的JDBC驱动程序的较早版本显然假定TLS v1.1将在服务器上可用.也就是说，未对它们进行编码以处理服务器显式拒绝(或忽略)TLS v1.1通信的情况.

Older versions of Microsoft's JDBC driver for SQL Server apparently assume that TLS v1.1 will be available on the server. That is, they were not coded to handle the case where the server explicitly rejects (or ignores) TLS v1.1 traffic.

从JDBC驱动程序版本6.3.2 开始，我们可以将;sslProtocol=TLSv1.2添加到我们的连接URL中以指定要使用的TLS版本.

Starting with JDBC driver version 6.3.2 we can add ;sslProtocol=TLSv1.2 to our connection URLs to specify the TLS version to use.

这篇关于Java 1.8.0在JDBC连接中启用TLS1.2的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！