SSL身份验证后，JDBC（JTDS）SQL Server连接已关闭

I am using the jTDS JDBC SQLServer library to connect to a SQL Server 2008 database. It always worked without SSL but once we enabled it, I haven't been able to get it to connect. I've traced the Java as seen below and checked the log on the DB side and the authentication works properly but immediately drops the connection when trying to execute the query. Anyone seen this problem?

我使用jTDS JDBC SQLServer库连接到SQL Server 2008数据库。它总是在没有SSL的情况下工作,但是一旦我们启用它,我就无法连接它。我已经跟踪了Java,如下所示,检查了数据库端的日志,并且身份验证正常工作,但在尝试执行查询时立即断开连接。谁见过这个问题?

main, received EOFException: ignored
main, called closeInternal(false)
main, SEND TLSv1 ALERT:  warning, description = close_notify
Padded plaintext before ENCRYPTION:  len = 32
0000: 01 00 DF 4A F1 23 CF E7   6B 62 3D 7D 4D CD C9 AD  ...J.#..kb=.M...
0010: 26 7B 16 59 84 9A 09 09   09 09 09 09 09 09 09 09  &..Y............
main, WRITE: TLSv1 Alert, length = 32
[Raw write]: length = 37
0000: 15 03 01 00 20 12 0A 45   80 96 80 F8 04 62 2F 62  .... ..E.....b/b
0010: E0 35 B9 4D 67 B0 4D D7   AC 9C CF C7 57 CA E1 B2  .5.Mg.M.....W...
0020: 9F DC BA 5E F8                                     ...^.
main, called closeSocket(selfInitiated)
main, called close()
main, called closeInternal(true)
java.sql.SQLException: I/O Error: DB server closed connection.
    at net.sourceforge.jtds.jdbc.TdsCore.executeSQL(TdsCore.java:1053)
    at net.sourceforge.jtds.jdbc.JtdsStatement.executeSQLQuery(JtdsStatement.java:465)
    at net.sourceforge.jtds.jdbc.JtdsStatement.executeQuery(JtdsStatement.java:1304)
    at net.sourceforge.jtds.jdbc.ConnectionJDBC2.<init>(ConnectionJDBC2.java:390)
    at net.sourceforge.jtds.jdbc.ConnectionJDBC3.<init>(ConnectionJDBC3.java:50)
    at net.sourceforge.jtds.jdbc.Driver.connect(Driver.java:184)
    at java.sql.DriverManager.getConnection(DriverManager.java:579)
    at java.sql.DriverManager.getConnection(DriverManager.java:221)
    at getConnection.main(getConnection.java:25)
Caused by: java.io.IOException: DB server closed connection.
    at net.sourceforge.jtds.jdbc.SharedSocket.readPacket(SharedSocket.java:848)
    at net.sourceforge.jtds.jdbc.SharedSocket.getNetPacket(SharedSocket.java:727)
    at net.sourceforge.jtds.jdbc.ResponseStream.getPacket(ResponseStream.java:466)
    at net.sourceforge.jtds.jdbc.ResponseStream.read(ResponseStream.java:103)
    at net.sourceforge.jtds.jdbc.ResponseStream.peek(ResponseStream.java:88)
    at net.sourceforge.jtds.jdbc.TdsCore.wait(TdsCore.java:3932)
    at net.sourceforge.jtds.jdbc.TdsCore.executeSQL(TdsCore.java:1046)

2 个解决方案

#1

Oracle introduced a security fix for the SSL/TLS BEAST attack that is known to interfere with Microsoft JDBC/jTDS connections.

Oracle为已知会干扰Microsoft JDBC / jTDS连接的SSL / TLS BEAST攻击引入了一个安全修复程序。

Setting the -Djsse.enableCBCProtection=false system variable will disable the fix and potentially allow the connection.

设置-Djsse.enableCBCProtection = false系统变量将禁用该修复并可能允许连接。

Information found in this SO thread: Java7 sqljdbc4 - SQL error 08S01 on getConnection()

在此SO线程中找到的信息:Java7 sqljdbc4 - getConnection()上的SQL错误08S01

#2

I was able to get around the same basic error by adding ssl=request or ssl=require to the URL of the connection string. This either tries or demands that the connection be encrypted. If SQL Server is setup to require encrypted connections then ssl=require will force the connection to use SSL and will satisfy SQL Server.

通过将ssl = request或ssl = require添加到连接字符串的URL,我能够解决相同的基本错误。这会尝试或要求加密连接。如果SQL Server设置为要求加密连接,则ssl = require将强制连接使用SSL并将满足SQL Server。

Example:

jdbc:jtds:sqlserver://[SERVER]/[DATABASE];ssl=require;

#1