1. Environment
- IDE: IDEA
- JDK : JAVA1.8
- SQLServer editions: SQL Server 2008
2. The specific error message
17:43:11 2019-09-16 [-Druid-the ConnectionPool the Create-847 839 957] ERROR cadpDruidDataSource - Create Connection SQLException, URL: JDBC: SQLServer: // localhost; DatabaseName = PT_STORE_HLW, errorCode 0, State 08S01 com.microsoft.sqlserver .jdbc.SQLServerException: driver could not establish a secure connection by using secure sockets layer (SSL) encryption to SQL Server. Error: "SQL Server does not return a response connection was closed ClientConnectionId:.. 22dc49b0-221d-4a51-9a84-8d507658df6e" . com.microsoft.sqlserver.jdbc.SQLServerConnection.terminate AT (SQLServerConnection.java:1667) AT com.microsoft.sqlserver.jdbc.TDSChannel.enableSSL (IOBuffer.java:1668) AT com.microsoft.sqlserver.jdbc.SQLServerConnection.connectHelper (SQLServerConnection.java:1323) AT com.microsoft.sqlserver.jdbc.SQLServerConnection.login (SQLServerConnection.java:991) AT com.microsoft.sqlserver.jdbc.SQLServerConnection.connect (SQLServerConnection.java:827) at com.microsoft.sqlserver.jdbc.SQLServerDriver.connect(SQLServerDriver.java:1012) at com.alibaba.druid.filter.FilterChainImpl.connection_connect(FilterChainImpl.java:156) at com.alibaba.druid.filter.stat.StatFilter.connection_connect(StatFilter.java:218) at com.alibaba.druid.filter.FilterChainImpl.connection_connect(FilterChainImpl.java:150) at com.alibaba.druid.pool.DruidAbstractDataSource.createPhysicalConnection(DruidAbstractDataSource.java:1560) at com.alibaba.druid.pool.DruidAbstractDataSource.createPhysicalConnection(DruidAbstractDataSource.java:1623) at com.alibaba.druid.pool.DruidDataSource$CreateConnectionThread.run(DruidDataSource.java:2468) Caused by: java.io.IOException: SQL Server 未返回响应。连接已关闭。 ClientConnectionId:22dc49b0-221d-4a51-9a84-8d507658df6e at com.microsoft.sqlserver.jdbc.TDSChannel$SSLHandshakeInputStream.ensureSSLPayload(IOBuffer.java:651) at com.microsoft.sqlserver.jdbc.TDSChannel$SSLHandshakeInputStream.readInternal(IOBuffer.java:708) at com.microsoft.sqlserver.jdbc.TDSChannel$SSLHandshakeInputStream.read(IOBuffer.java:700) at com.microsoft.sqlserver.jdbc.TDSChannel$ProxyInputStream.readInternal(IOBuffer.java:895) at com.microsoft.sqlserver.jdbc.TDSChannel$ProxyInputStream.read(IOBuffer.java:883) at sun.security.ssl.InputRecord.readFully(InputRecord.java:465) at sun.security.ssl.InputRecord.read(InputRecord.java:503) at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:975) at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1367) at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1395) at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1379) at com.microsoft.sqlserver.jdbc.TDSChannel.enableSSL(IOBuffer.java:1618) ... 10 common frames omitted
Resolution process:
Online Baidu and some say that because the problem JDK1.6, but I use the JDK1.8
There are also said to be missing two jar jre package, after this attempt is not the reason
Solve :
In JDK 8 and earlier, edit the file and /lib/security/java.security 3DES_EDE_CBC deleted from jdk.tls.legacyAlgorithms security attributes.
Official documentation states: Please note that this is a low risk of change. It is unlikely to lead to reunification, because it will only affect the order of negotiation algorithm. If there are no other non-legacy algorithms is available, will use 3DES (if listed on the list of legacy algorithm).
The following jdk in java.security, may be used to remove 3DES_EDE_CBC jdbc connect sqlserver.
In Java 8 is disabled by default [cipher suite]:. "SSL_RSA_WITH_3DES_EDE_CBC_SHA"
Then you want to connect successful, to open "SSL_RSA_WITH_3DES_EDE_CBC_SHA", to find the answer is:
Open the folder (JAVA_HOME) / jre / lib / security policy document security in: Java .security
modify jdk.tls.disabledAlgorithms options.
Java jdk.tls.disabledAlgorithms Default 8:
jdk.tls.disabledAlgorithms = the MD5, SSLv3, the DSA, the RSA KeySize <2048
jdk.tls.disabledAlgorithms = SSLv3, the RC4, MD5withRSA,, DH KeySize <1024,
EC KeySize <224, DES40_CBC , RC4_40,3DES_EDE_CBC
In order to open SSL_RSA_WITH_3DES_EDE_CBC_SHA, will 3DES_EDE_CBC commented:
Java 8 的 jdk.tls.disabledAlgorithms 默认值:
jdk.tls.disabledAlgorithms=MD5, SSLv3, DSA, RSA keySize < 2048
jdk.tls.disabledAlgorithms=SSLv3, RC4, MD5withRSA, DH keySize < 1024,
EC keySize < 224, DES40_CBC, RC4_40
#,3DES_EDE_CBC