Legacy Java error
I fixed a problem at work a few days ago, and I thought I should publish the solution here in case it helps anyone. Although I hope there aren't many people still using such an old version of Microsoft SQL/Server.
I have a Windows 2016 Server with tomcat 9.0, and several Spring 2.0.3 applications. One of them is attempting to connect to a legacy MSSQL 2005 database running on Windows Server 2003 R2. The application uses the Microsoft JDBC Driver 7.0 for SQL Server.
I found that if the tomcat server was running on java 1.8.0_181 or later, the connection failed with the following error:
com.microsoft.sqlserver.jdbc.SQLServerException:
The driver could not establish a secure connection to SQL Server by using Secure Sockets Layer (SSL) encryption.
Error: "SQL Server did not return a response. The connection has been closed..."I eventually discovered this was due to the 3DES_EDE_CBC algorithm being disabled in the Java 8 Update 171. Removing 3DES_EDE_CBC from the list of disabled algorithms in C:\Program Files\Java\jre-10.0.2\conf\security\java.security enabled the connection. This does expose a vulnerability to SWEET32, which is not an issue for this particular deployment.
Ideally, I want this change to apply to just the one application that needs it. I found a way to change the disabled algorithms in Java:
String disabledAlgorithms = Security.getProperty("jdk.tls.disabledAlgorithms");
disabledAlgorithms = disabledAlgorithms.replaceFirst("^3DES_EDE_CBC", "").replaceFirst(", 3DES_EDE_CBC", "");
Security.setProperty("jdk.tls.disabledAlgorithms", disabledAlgorithms);This has to go in a static code block. Initially I had it in the main method, before SpringApplication.run, but that fails when running test cases, and when running the application in Tomcat.
Hope this helps someone else; the separate issues are all answered on stackoverflow, but they aren't linked together there, and it took me a while to figure everything out. 3 days, 3 lines of code. Here are the references which helped: