JDBC (JTDS) SQL Server Connection Closed after SSL Authentication

Question

I am using the jTDS JDBC SQLServer library to connect to a SQL Server 2008 database. It always worked without SSL but once we enabled it, I haven't been able to get it to connect. I've traced the Java as seen below and checked the log on the DB side and the authentication works properly but immediately drops the connection when trying to execute the query. Anyone seen this problem?

main, received EOFException: ignored
main, called closeInternal(false)
main, SEND TLSv1 ALERT:  warning, description = close_notify
Padded plaintext before ENCRYPTION:  len = 32
0000: 01 00 DF 4A F1 23 CF E7   6B 62 3D 7D 4D CD C9 AD  ...J.#..kb=.M...
0010: 26 7B 16 59 84 9A 09 09   09 09 09 09 09 09 09 09  &..Y............
main, WRITE: TLSv1 Alert, length = 32
[Raw write]: length = 37
0000: 15 03 01 00 20 12 0A 45   80 96 80 F8 04 62 2F 62  .... ..E.....b/b
0010: E0 35 B9 4D 67 B0 4D D7   AC 9C CF C7 57 CA E1 B2  .5.Mg.M.....W...
0020: 9F DC BA 5E F8                                     ...^.
main, called closeSocket(selfInitiated)
main, called close()
main, called closeInternal(true)
java.sql.SQLException: I/O Error: DB server closed connection.
    at net.sourceforge.jtds.jdbc.TdsCore.executeSQL(TdsCore.java:1053)
    at net.sourceforge.jtds.jdbc.JtdsStatement.executeSQLQuery(JtdsStatement.java:465)
    at net.sourceforge.jtds.jdbc.JtdsStatement.executeQuery(JtdsStatement.java:1304)
    at net.sourceforge.jtds.jdbc.ConnectionJDBC2.<init>(ConnectionJDBC2.java:390)
    at net.sourceforge.jtds.jdbc.ConnectionJDBC3.<init>(ConnectionJDBC3.java:50)
    at net.sourceforge.jtds.jdbc.Driver.connect(Driver.java:184)
    at java.sql.DriverManager.getConnection(DriverManager.java:579)
    at java.sql.DriverManager.getConnection(DriverManager.java:221)
    at getConnection.main(getConnection.java:25)
Caused by: java.io.IOException: DB server closed connection.
    at net.sourceforge.jtds.jdbc.SharedSocket.readPacket(SharedSocket.java:848)
    at net.sourceforge.jtds.jdbc.SharedSocket.getNetPacket(SharedSocket.java:727)
    at net.sourceforge.jtds.jdbc.ResponseStream.getPacket(ResponseStream.java:466)
    at net.sourceforge.jtds.jdbc.ResponseStream.read(ResponseStream.java:103)
    at net.sourceforge.jtds.jdbc.ResponseStream.peek(ResponseStream.java:88)
    at net.sourceforge.jtds.jdbc.TdsCore.wait(TdsCore.java:3932)
    at net.sourceforge.jtds.jdbc.TdsCore.executeSQL(TdsCore.java:1046)

Answer 1

Oracle introduced a security fix for the SSL/TLS BEAST attack that is known to interfere with Microsoft JDBC/jTDS connections.

Setting the -Djsse.enableCBCProtection=false system variable will disable the fix and potentially allow the connection.

Information found in this SO thread: Java7 sqljdbc4 - SQL error 08S01 on getConnection()

Answer 2

I was able to get around the same basic error by adding ssl=request or ssl=require to the URL of the connection string. This either tries or demands that the connection be encrypted. If SQL Server is setup to require encrypted connections then ssl=require will force the connection to use SSL and will satisfy SQL Server.

Example:

jdbc:jtds:sqlserver://[SERVER]/[DATABASE];ssl=require;