B4J Question SQL Server 2022 TLS/SSL Handshake Error with B4J WebApp

O

Omar Moreno

Member
Licensed User
Longtime User
Hello everyone,

After 12 years, it has been decided to migrate from SQL Server 2008R2 to SQL Server 2022 Standard.
  • SQL Server 2022 is currently running on a Windows Server 2022 test environment.
  • A self-signed certificate was installed.
  • TLSv1.2 and TLSv1.3 were enabled in the Windows registry.
I updated the development tool to compile the webapp with:
  • OpenJDK19
  • B4J 10.30, JServer (websocket)
  • Tested the following drivers:
    • mssql-jdbc-12.2.1-jre11.jar
    • mssql-jdbc-12.10.2-jre11.jar
    • mssql-jdbc-13.2.1-jre11.jar
  • Connection string:
    B4X: 
    sql1.InitializeAsync("sql1","com.microsoft.sqlserver.jdbc.SQLServerDriver","jdbc:sqlserver://SERVERX:1433;databaseName=BD_X;encrypt=true;trustServerCertificate=true;",user,pass)
Errors encountered:

When running the JAR like this:
C:\WEBApp\JAVA\jdk-19.0.2\bin\java -jar C:\WEBApp\WebX.jar

I get the following error:
Error: 
com.microsoft.sqlserver.jdbc.SQLServerException: "encrypt" property is set to "true" and "trustServerCertificate"
property is set to "false" but the driver could not establish a secure connection to SQL Server by using Secure Sockets Layer (SSL)
encryption: Error: The server selected protocol version TLS10 is not accepted by client preferences [TLS13, TLS12].
...
javax.net.ssl.SSLHandshakeException: The server selected protocol version TLS10 is not accepted by client preferences [TLS13, TLS12]

When running the JAR like this:
C:\WEBApp\JAVA\jdk-19.0.2\bin\java -Djdk.tls.client.protocols=TLSv1 -jar C:\WEBApp\WebX.jar

I get the following error:
error: 
com.microsoft.sqlserver.jdbc.SQLServerException: "encrypt" property is set to "true" and "trustServerCertificate"
property is set to "false" but the driver could not establish a secure connection to SQL Server by using Secure
Sockets Layer (SSL) encryption: Error: No appropriate protocol (protocol is disabled or cipher suites are inappropriate).
...
javax.net.ssl.SSLHandshakeException: No appropriate protocol (protocol is disabled or cipher suites are inappropriate)

Question: What needs to be fixed: the WebApp program, the Windows Server, or the SQL Server?

Thanks in advance for your possible answers.
 
Sort by date Sort by votes
EnriqueGonzalez

EnriqueGonzalez

Expert
Licensed User
Longtime User
Omar Moreno said:
, the Windows Server, or the SQL Server?
Click to expand...
It's related to this 2, they come as enabled by default TLS 1.0 and TLS 1.1.

So disable them and the connecitons will default to TLS 1.2

Enable secure connection by limiting SQL server to TLS 1.2

Use the information in this section to modify secure connection from the provisioning server to the SQL server to limit it to TLS 1.2. For information on how to configure secure connecion from provisioning server to SQL server, see Enable secure connection from provisioning server to SQL server.
docs.citrix.com docs.citrix.com
 
Upvote 0
You must log in or register to reply here.
Top