【Java】The driver cannot establish a secure connection with SQL Server by using Secure Sockets Layer (SSL) encryption

Because a project at work uses Spring Boot to connect to SQL Server for data queries, I ran into the exception “驱动程序无法通过使用安全套接字层(SSL)加密与 SQL Server 建立安全连接” (the driver cannot establish a secure connection with SQL Server by using Secure Sockets Layer (SSL) encryption) when accessing the database with the sqljdbc4-4.0.jar driver package, and finally solved it by modifying the java.security file.

Different JDK versions need different solutions to this problem. The JDK version I use here is JDK 8, and this solution applies to JDK 8.

From information found on the Internet, in JDK 8 and earlier versions this problem can be solved by editing the /lib/security/java.security file and deleting 3DES_EDE_CBC from the jdk.tls.legacyAlgorithms security property... but in fact, in addition to modifying legacyAlgorithms, the disabledAlgorithms property also needs to be modified.

jdk.tls.disabledAlgorithms
jdk.tls.disabledAlgorithms=MD5, SSLv3, DSA, RSA keySize < 2048

# This is the original configuration (commented out)
#jdk.tls.disabledAlgorithms=SSLv3, TLSv1, TLSv1.1, RC4, DES, MD5withRSA, \
#    DH keySize < 1024, EC keySize < 224, 3DES_EDE_CBC, anon, NULL, \
#    include jdk.disabled.namedCurves

# This is the modified configuration; note that TLSv1 and TLSv1.1 have been removed from the list here
jdk.tls.disabledAlgorithms=SSLv3, RC4,  MD5withRSA, \
    DH keySize < 1024, EC keySize < 224, DES40_CBC, RC4_40, \
    include jdk.disabled.namedCurves

In Java 8, SSL_RSA_WITH_3DES_EDE_CBC_SHA is disabled by default. To connect successfully, you need to delete 3DES_EDE_CBC from jdk.tls.legacyAlgorithms in order to enable it.

jdk.tls.legacyAlgorithms
# This is the original configuration (commented out)
#jdk.tls.legacyAlgorithms= \
#        K_NULL, C_NULL, M_NULL, \
#        DH_anon, ECDH_anon, \
#        RC4_128, RC4_40, DES_CBC, DES40_CBC, \
#        3DES_EDE_CBC

# This is the modified configuration; "3DES_EDE_CBC" has been deleted here
jdk.tls.legacyAlgorithms= \
        K_NULL, C_NULL, M_NULL, \
        DH_anon, ECDH_anon, \
        RC4_128, RC4_40, DES_CBC, DES40_CBC

After the configuration is complete, the SQL Server driver can be used normally.
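
To see everything the two edits above change, not only the entries named in the comments, the following added example (not part of the original post) parses both versions of each property and lists the entries that were dropped or added. The function names parse_properties and diff_property are hypothetical; the property values are copied from the post.

```python
# Added example, not from the original post: diff two versions of a
# java.security TLS property to see exactly what an edit re-enables.

def parse_properties(text):
    """Parse java.security-style text: '#' comments, backslash line
    continuation, and last definition wins when a key is repeated."""
    props, pending = {}, ""
    for raw in text.splitlines():
        line = raw.strip()
        if not pending and (not line or line.startswith("#")):
            continue
        if line.endswith("\\"):
            pending += line[:-1]
            continue
        key, _, value = (pending + line).partition("=")
        props[key.strip()] = value.strip()
        pending = ""
    return props

def diff_property(before_text, after_text, key):
    """Return (removed, added) entries of a comma-separated property."""
    def entries(text):
        value = parse_properties(text).get(key, "")
        return {e.strip() for e in value.split(",") if e.strip()}
    before, after = entries(before_text), entries(after_text)
    return sorted(before - after), sorted(after - before)

# Values copied from the post (the "original" blocks with their '#' removed).
ORIGINAL = r"""
jdk.tls.disabledAlgorithms=SSLv3, TLSv1, TLSv1.1, RC4, DES, MD5withRSA, \
    DH keySize < 1024, EC keySize < 224, 3DES_EDE_CBC, anon, NULL, \
    include jdk.disabled.namedCurves
jdk.tls.legacyAlgorithms= K_NULL, C_NULL, M_NULL, DH_anon, ECDH_anon, \
        RC4_128, RC4_40, DES_CBC, DES40_CBC, 3DES_EDE_CBC
"""
MODIFIED = r"""
jdk.tls.disabledAlgorithms=SSLv3, RC4,  MD5withRSA, \
    DH keySize < 1024, EC keySize < 224, DES40_CBC, RC4_40, \
    include jdk.disabled.namedCurves
jdk.tls.legacyAlgorithms= K_NULL, C_NULL, M_NULL, DH_anon, ECDH_anon, \
        RC4_128, RC4_40, DES_CBC, DES40_CBC
"""

if __name__ == "__main__":
    for key in ("jdk.tls.disabledAlgorithms", "jdk.tls.legacyAlgorithms"):
        removed, added = diff_property(ORIGINAL, MODIFIED, key)
        print(key)
        print("  no longer listed:", ", ".join(removed) or "-")
        print("  newly listed:    ", ", ".join(added) or "-")
```

For jdk.tls.disabledAlgorithms the diff shows that TLSv1, TLSv1.1, DES, 3DES_EDE_CBC, anon and NULL are no longer listed, so the edit lifts more restrictions than the two protocol versions mentioned in the comment.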

Origin blog.csdn.net/kida_yuan/article/details/118784363