Share via


MS SQL Server 2005 JDBC Driver and SSL

Great news! We just released JDBC v1.2 RTW with SSL support. Here are some tips to help you during development.

1) We have new connection properties for SSL: encrypt, trustServerCertificate, hostNameInCertificate, trustStore, trustStorePassword.

2) By default SSL encryption is OFF. In such scenarios driver does best effort to encrypt ONLY the login packet.

3) If you want to force encryption on the client side, set connection property "encrypt = true". You can also force encryption on the server side. Information on how to do this below.

https://technet.microsoft.com/en-us/library/ms189067.aspx

If server enforces encryption, driver will connect with full encryption regardless of your client encrypt setting (see #4 below for exceptions)

If client enforces encryption, driver will NOT connect to a server that does not support encryption. This is only possible if you are using SQL Server 2000.

4) Driver does not support SSL if your JVM's default JSSE provider does not support strong hash (i.e. hash size > 4K). This behavior is common among 1.4 VMs. If you are using one of these VMs, you will fail to connect to a server that forces encryption when you don't enforce encryption on the client side. One option is to switch to a newer VM version or a 1.4 VM that does support strong hash. Specifying "encrypt=true" on the connection string is also a solution. Be warned that in this case the connection will still fail if your certificate hash is strong.

5) By default, driver ALWAYS validates the Server certificate with SSL encryption. If you don't want the driver to validate Server certificate, you can set "trustServerCertificate=false".

6) Detailed information on MS SQL Server 2005 JDBC Driver v1.2 SSL support available on MSDN.

https://msdn2.microsoft.com/en-us/library/bb879935.aspx

Yesim