Migration to SQL Server fails with "The driver could not establish a secure connection to SQL Server by using Secure Sockets Layer (SSL) encryption"

Platform notice: Server and Data Center only. This article only applies to Atlassian products on the Server and Data Center platforms.

Support for Server* products ended on February 15th 2024. If you are running a Server product, you can visit the Atlassian Server end of support announcement to review your migration options.

*Except Fisheye and Crucible

Problem

Migrating to SQL Server fails, and the following appears in atlassian-bitbucket.log:

Could not get JDBC Connection; nested exception is com.microsoft.sqlserver.jdbc.SQLServerException: The driver could not establish a secure connection to SQL Server by using Secure Sockets Layer (SSL) encryption. Error: "java.lang.RuntimeException: Could not generate DH keypair". ClientConnectionId:59f2b121-128b-4f9c-afc6-31e32105a1e1
org.springframework.jdbc.datasource.DataSourceUtils.getConnection(DataSourceUtils.java:80)
...
The driver could not establish a secure connection to SQL Server by using Secure Sockets Layer (SSL) encryption. Error: "java.lang.RuntimeException: Could not generate DH keypair". ClientConnectionId:59f2b121-128b-4f9c-afc6-31e32105a1e1
...
java.lang.RuntimeException: Could not generate DH keypair
sun.security.ssl.Alerts.getSSLException(Alerts.java:208)
...
Could not generate DH keypair
sun.security.ssl.DHCrypt.<init>(DHCrypt.java:142)
sun.security.ssl.DHCrypt.<init>(DHCrypt.java:114)
sun.security.ssl.ClientHandshaker.serverKeyExchange(ClientHandshaker.java:708)
...
Prime size must be multiple of 64, and can only range from 512 to 2048 (inclusive)
com.sun.crypto.provider.DHKeyPairGenerator.initialize(DHKeyPairGenerator.java:120)
java.security.KeyPairGenerator$Delegate.initialize(KeyPairGenerator.java:674)
sun.security.ssl.DHCrypt.<init>(DHCrypt.java:128)

Diagnosis

Environment

  • SQL Server is configured with strong encryption, using a DHE key larger than 2048 bits
  • Bitbucket is running on a Java version lower than 1.8u161 or 1.7u171
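
The two client-side conditions above can be checked together. The following is an added example, not Atlassian's own tooling: it classifies `java -version` output against the update levels listed above and looks for the two signature strings from the stack trace. The function names and sample inputs are constructed for illustration, and version schemes other than 1.7 and 1.8 are reported as "unknown" because this article does not cover them.

```python
import re

# Signature strings copied from the stack trace quoted in this article.
LOG_SIGNATURES = (
    "Could not generate DH keypair",
    "Prime size must be multiple of 64, and can only range from 512 to 2048",
)
# First unaffected update per Java family, from the Environment list above.
FIXED_UPDATE = {7: 171, 8: 161}
# Legacy version token in `java -version` output, e.g. 1.8.0_151.
LEGACY_VERSION = re.compile(r"\b1\.(\d+)\.\d+(?:_(\d+))?")


def java_status(version_output):
    """Classify `java -version` output as 'affected', 'ok' or 'unknown'."""
    m = LEGACY_VERSION.search(version_output)
    if not m:
        return "unknown"  # other version schemes are outside the article's scope
    family, update = int(m.group(1)), int(m.group(2) or 0)
    if family not in FIXED_UPDATE:
        return "unknown"
    return "affected" if update < FIXED_UPDATE[family] else "ok"


def log_matches(log_text):
    """Return the signature strings found in the log text."""
    return [s for s in LOG_SIGNATURES if s in log_text]


def diagnose(version_output, log_text):
    """Report whether both conditions described in the article hold."""
    status, hits = java_status(version_output), log_matches(log_text)
    return {
        "java": status,
        "log_signatures": hits,
        "matches_article": status == "affected" and len(hits) == len(LOG_SIGNATURES),
    }


if __name__ == "__main__":
    # Constructed sample inputs; in practice use the real command output and log file.
    sample_version = 'java version "1.8.0_151"'
    sample_log = (
        'Error: "java.lang.RuntimeException: Could not generate DH keypair".\n'
        "Prime size must be multiple of 64, and can only range from 512 to 2048 (inclusive)\n"
    )
    print(diagnose(sample_version, sample_log))
```

`java -version` writes to stderr, so capture it with `2>&1` before passing it to `java_status`.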

Cause

As explained in JDK-8072452, affected versions support only DHE sizes up to 2048 bits.

Resolution


Last modified on Sep 4, 2019
