Since yesterday I'm unable to connect to the MicroSoft SQLServer (v11.1.3000.0) on my local development machine from JBoss EAP 6.2. SQLServer now wants to connect using SSL.
I get the following exception:
Caused by: com.microsoft.sqlserver.jdbc.SQLServerException: The driver could not establish a secure connection to SQL Server by using Secure Sockets Layer (SSL) encryption. Error: "java.lang.RuntimeException: Could not generate DH keypair". ClientConnectionId:da0dbbf4-33a0-45ac-9885-fa1e31c47c6e at com.microsoft.sqlserver.jdbc.SQLServerConnection.terminate(SQLServerConnection.java:1667) at com.microsoft.sqlserver.jdbc.TDSChannel.enableSSL(IOBuffer.java:1668) at com.microsoft.sqlserver.jdbc.SQLServerConnection.connectHelper(SQLServerConnection.java:1323) at com.microsoft.sqlserver.jdbc.SQLServerConnection.login(SQLServerConnection.java:991) at com.microsoft.sqlserver.jdbc.SQLServerConnection.connect(SQLServerConnection.java:827) at com.microsoft.sqlserver.jdbc.SQLServerDriver.connect(SQLServerDriver.java:1012) at org.jboss.jca.adapters.jdbc.local.LocalManagedConnectionFactory.getLocalManagedConnection(LocalManagedConnectionFactory.java:260) ... 28 more Caused by: javax.net.ssl.SSLException: java.lang.RuntimeException: Could not generate DH keypair at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:190) [jsse.jar:1.6] at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1747) [jsse.jar:1.6] at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1708) [jsse.jar:1.6] at com.sun.net.ssl.internal.ssl.SSLSocketImpl.handleException(SSLSocketImpl.java:1691) [jsse.jar:1.6] at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1222) [jsse.jar:1.6] at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1199) [jsse.jar:1.6] at com.microsoft.sqlserver.jdbc.TDSChannel.enableSSL(IOBuffer.java:1618) ... 33 more Caused by: java.lang.RuntimeException: Could not generate DH keypair at com.sun.net.ssl.internal.ssl.DHCrypt.<init>(DHCrypt.java:114) [jsse.jar:1.6] at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverKeyExchange(ClientHandshaker.java:559) [jsse.jar:1.6] at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:186) [jsse.jar:1.6] at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Handshaker.java:593) [jsse.jar:1.6] at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Handshaker.java:529) [jsse.jar:1.6] at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:943) [jsse.jar:1.6] at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1188) [jsse.jar:1.6] at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1215) [jsse.jar:1.6] ... 35 more Caused by: java.security.InvalidAlgorithmParameterException: Prime size must be multiple of 64, and can only range from 512 to 1024 (inclusive) at com.sun.crypto.provider.DHKeyPairGenerator.initialize(DashoA13*..) [sunjce_provider.jar:1.6] at java.security.KeyPairGenerator$Delegate.initialize(KeyPairGenerator.java:627) [rt.jar:1.6.0_45] at com.sun.net.ssl.internal.ssl.DHCrypt.<init>(DHCrypt.java:107) [jsse.jar:1.6] ... 42 moreWhen I connect to the SQLServer (11.0.2100.60) on our test environment everything works fine.
I've done the following: - Made sure I have the right JCE libs in my Java 6 JRE - Updated the sqljdbc4.jar - Read: Java: Why does SSL handshake give 'Could not generate DH keypair' exception?
I haven't tried the workaround from the article above. I'd much rather stop SQLServer from demaning SSL.
How can I stop SQLServer from demanding a SSL connection? Or fix my configuration? And how could this just happen? Was there an automatic update of SQLServer?
I've hit the same problem this morning whereby some unit tests started to fail. I noticed that I was compiling the project with a 1.6 JDK, changing that to 1.7.0_79 made the problem go away.
Not sure what the root cause of the problem is though, haven't had time to investigate further.