java 由于 SSLException 无法连接到 SQLServer
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/37855449/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
Unable to connect to SQLServer because of SSLException
提问by Sparwer
Since yesterday I'm unable to connect to the MicroSoft SQLServer (v11.1.3000.0) on my local development machine from JBoss EAP 6.2. SQLServer now wants to connect using SSL.
从昨天开始,我无法从 JBoss EAP 6.2 连接到本地开发机器上的 MicroSoft SQLServer (v11.1.3000.0)。SQLServer 现在想要使用 SSL 进行连接。
I get the following exception:
我收到以下异常:
Caused by: com.microsoft.sqlserver.jdbc.SQLServerException: The driver could not establish a secure connection to SQL Server by using Secure Sockets Layer (SSL) encryption. Error: "java.lang.RuntimeException: Could not generate DH keypair". ClientConnectionId:da0dbbf4-33a0-45ac-9885-fa1e31c47c6e
at com.microsoft.sqlserver.jdbc.SQLServerConnection.terminate(SQLServerConnection.java:1667)
at com.microsoft.sqlserver.jdbc.TDSChannel.enableSSL(IOBuffer.java:1668)
at com.microsoft.sqlserver.jdbc.SQLServerConnection.connectHelper(SQLServerConnection.java:1323)
at com.microsoft.sqlserver.jdbc.SQLServerConnection.login(SQLServerConnection.java:991)
at com.microsoft.sqlserver.jdbc.SQLServerConnection.connect(SQLServerConnection.java:827)
at com.microsoft.sqlserver.jdbc.SQLServerDriver.connect(SQLServerDriver.java:1012)
at org.jboss.jca.adapters.jdbc.local.LocalManagedConnectionFactory.getLocalManagedConnection(LocalManagedConnectionFactory.java:260)
... 28 more
Caused by: javax.net.ssl.SSLException: java.lang.RuntimeException: Could not generate DH keypair
at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:190) [jsse.jar:1.6]
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1747) [jsse.jar:1.6]
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1708) [jsse.jar:1.6]
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.handleException(SSLSocketImpl.java:1691) [jsse.jar:1.6]
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1222) [jsse.jar:1.6]
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1199) [jsse.jar:1.6]
at com.microsoft.sqlserver.jdbc.TDSChannel.enableSSL(IOBuffer.java:1618)
... 33 more
Caused by: java.lang.RuntimeException: Could not generate DH keypair
at com.sun.net.ssl.internal.ssl.DHCrypt.<init>(DHCrypt.java:114) [jsse.jar:1.6]
at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverKeyExchange(ClientHandshaker.java:559) [jsse.jar:1.6]
at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:186) [jsse.jar:1.6]
at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Handshaker.java:593) [jsse.jar:1.6]
at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Handshaker.java:529) [jsse.jar:1.6]
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:943) [jsse.jar:1.6]
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1188) [jsse.jar:1.6]
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1215) [jsse.jar:1.6]
... 35 more
Caused by: java.security.InvalidAlgorithmParameterException: Prime size must be multiple of 64, and can only range from 512 to 1024 (inclusive)
at com.sun.crypto.provider.DHKeyPairGenerator.initialize(DashoA13*..) [sunjce_provider.jar:1.6]
at java.security.KeyPairGenerator$Delegate.initialize(KeyPairGenerator.java:627) [rt.jar:1.6.0_45]
at com.sun.net.ssl.internal.ssl.DHCrypt.<init>(DHCrypt.java:107) [jsse.jar:1.6]
... 42 more
When I connect to the SQLServer (11.0.2100.60) on our test environment everything works fine.
当我在我们的测试环境中连接到 SQLServer (11.0.2100.60) 时,一切正常。
I've done the following: - Made sure I have the right JCE libs in my Java 6 JRE - Updated the sqljdbc4.jar - Read: Java: Why does SSL handshake give 'Could not generate DH keypair' exception?
我已经完成了以下操作: - 确保我的 Java 6 JRE 中有正确的 JCE 库 - 更新了 sqljdbc4.jar - 阅读:Java:为什么 SSL 握手会给出“无法生成 DH 密钥对”异常?
I haven't tried the workaround from the article above. I'd much rather stop SQLServer from demaning SSL.
我还没有尝试过上面文章中的解决方法。我宁愿阻止 SQLServer 要求 SSL。
How can I stop SQLServer from demanding a SSL connection? Or fix my configuration? And how could this just happen? Was there an automatic update of SQLServer?
如何阻止 SQLServer 要求 SSL 连接?或者修复我的配置?这怎么会发生?是否有 SQLServer 的自动更新?
回答by Mike
I've hit the same problem this morning whereby some unit tests started to fail. I noticed that I was compiling the project with a 1.6 JDK, changing that to 1.7.0_79 made the problem go away.
今天早上我遇到了同样的问题,一些单元测试开始失败。我注意到我正在使用 1.6 JDK 编译项目,将其更改为 1.7.0_79 使问题消失。
Not sure what the root cause of the problem is though, haven't had time to investigate further.
不确定问题的根本原因是什么,还没有时间进一步调查。
回答by Brian
I had the same issue start today. Connecting with a Java application (working on Tuesday) but not able to use the same application today (Thursday). I have Windows 10 with automatic software updates and I am running Microsoft SQL Server 2014 (2014 Express 12.0.2000.8). I confirmed the protocols (SQL Server Configuration Manager > SQL Server Network Configuration > Protocols for SQLEXPRESS (Properties) . Force Encryption = "No"). I rolled back Windows KB3163018 and restarted the computer and was able to connect.
我今天开始遇到同样的问题。与 Java 应用程序连接(周二工作),但今天(周四)无法使用相同的应用程序。我有带自动软件更新的 Windows 10,我正在运行 Microsoft SQL Server 2014 (2014 Express 12.0.2000.8)。我确认了协议(SQL Server Configuration Manager > SQL Server Network Configuration > Protocols for SQLEXPRESS (Properties) 。Force Encryption = "No")。我回滚了 Windows KB3163018 并重新启动了计算机并能够连接。
回答by Milan Desai
This issue is related to Oracle JDK and the export policies by the US government.
此问题与 Oracle JDK 和美国政府的出口政策有关。
Corresponding unlimited JCE-files can be found here: http://www.oracle.com/technetwork/java/javase/downloads/jce8-download-2133166.html
相应的无限 JCE 文件可以在这里找到:http: //www.oracle.com/technetwork/java/javase/downloads/jce8-download-2133166.html
extract zip and replace local_policy.jar, US_export_policy.jar in jre/lib/security
解压 zip 并替换 jre/lib/security 中的 local_policy.jar、US_export_policy.jar
