Microsoft SQL Server JDBC Driver -SSL issues

10.9k views Asked by At

Our application server uses Microsoft SQL Server JDBC Driver (XA) to connect to the database. The driver uses SSLV3 to encrypt login details to connect to the DB. As SSLV3 is associated with poodle vulnerability,poodle patch is required to fix the security issue. With the patch installed in our servers, the MS SQL server driver is not able to connect to the database as SSL is disabled.What is the fix for this issue? Is there a way to change the driver configuration to bypass using SSLV3 for login?Or is there a way to replace SSL with TLS?

3

There are 3 answers

0
Brian Knoblauch On

Perhaps you need to update to a newer MS JDBC driver. We're running 4.0 in production and connecting to SQL 2008R2 via TLS 1.0 without any issues. JDBC 4.1 is out now as well (I'm just starting testing on it now).

0
JorSol On

The new JDBC 4.2 for SQL Server Driver supports TLS 1.2 and many more features, you should try with it.

http://blogs.technet.com/b/dataplatforminsider/archive/2015/09/02/download-the-new-jdbc-4-2-for-sql-server-driver.aspx

0
Sankar Natarajan On
  First things first, please check and make sure that the SQL server is configured for SSL. You could do that by 2 different means:

Direct way:

Open SQL Server configuration manager

Open 'SQL server Network configuration' on left pane

Open 'Protocols for "instance name" '

Right click -> Properties. The following dialog would appear. Ensure 'Force Encryption' is set to YES

enter image description here

Go to 'Certificate' tab and you should see the certificate used by MS SQL Server for SSL connectivity

enter image description here

You could find this certificate by opening MMC -> add/remove snapin -> certificates

In the certificates snap-in, you could find the certificate as shown below:

enter image description here

INDIRECT Way

You could also verify the certificate used by MS SQL Server by examining a registry entry. The value shown against the property 'Certificate' is nothing but the 'Thumbprint' that you would see in certificate details.

enter image description here