Confluence 7.x throws "Can't reach database server or port" error when connecting to Microsoft SQL server

Still need help?

The Atlassian Community is here for you.

Ask the community


Platform Notice: Server and Data Center Only - This article only applies to Atlassian products on the server and data center platforms.

Summary

Confluence 7.x displays the following error message to administrators when connecting to a Microsoft SQL database: 

OR Confluence fails to start and you see a similar error to the below in the logs after upgrading and starting confluence. 

SQLState - 08S01
com.microsoft.sqlserver.jdbc.SQLServerException: The driver could not establish a secure connection to SQL Server by using Secure Sockets Layer (SSL) encryption. Error: "Server chose TLSv1, but that protocol version is not enabled or not supported by the client."

Environment

  • Confluence 7.1.0 and above

  • Microsoft SQL Server 2014 and older versions

Diagnosis

This message appears when Confluence 7.x attempts to connect the Microsoft SQL server but failed.

SQLState - 08S01
com.microsoft.sqlserver.jdbc.SQLServerException: The driver could not establish a secure connection to SQL Server by using Secure Sockets Layer (SSL) encryption. Error: "Server chose TLSv1, but that protocol version is not enabled or not supported by the client."

You will see a similar error in the logs as well. 

Cause

This is because, since Confluence 7.1.0 we introduced the below JVM arguments as TLSv1 is no longer secure:

-Djdk.tls.server.protocols=TLSv1.1,TLSv1.2 -Djdk.tls.client.protocols=TLSv1.1,TLSv1.2

Workaround

In Windows, Confluence running as a service:

  1. Identify the name of the service that Confluence is installed as in Windows (Go to Control Panel > Administrative Tools > Services

    We are expecting to see a service name like this Confluence251017164028

  2. Open the command window (Choose Start > cmd.exe)

  3. cd to the bin directory of your Confluence installation folder and run the following command: 

    tomcat9w.exe //ES//%service_name%
  4. Click on the Java tab to see the list of current start-up options
  5. In the Java Options box, update 

    1. from: 

      -Djdk.tls.server.protocols=TLSv1.1,TLSv1.2 
      -Djdk.tls.client.protocols=TLSv1.1,TLSv1.2
    2. to: 

      -Djdk.tls.server.protocols=TLSv1,TLSv1.1,TLSv1.2 
      -Djdk.tls.client.protocols=TLSv1,TLSv1.1,TLSv1.2
  6. Restart the service 

    For more details, please refer to Configuring System Properties - Windows service

In Linux:

  1. Open the setenv.sh from Confluence installation folder
  2. Edit the following line
    1. From 

      CATALINA_OPTS="-Djdk.tls.server.protocols=TLSv1.1,TLSv1.2 -Djdk.tls.client.protocols=TLSv1.1,TLSv1.2 ${CATALINA_OPTS}"
    2. To 

      CATALINA_OPTS="-Djdk.tls.server.protocols=TLSv1,TLSv1.1,TLSv1.2 -Djdk.tls.client.protocols=TLSv1,TLSv1.1,TLSv1.2 ${CATALINA_OPTS}"
  3. Restart Confluence

Permanent fix

Enable TLS 1.2 support, for more details, please refer to TLS 1.2 support for Microsoft SQL Server


DescriptionGetting error message when attempting to connect to MSSQL due to TLSv1
ProductConfluence Server



Last modified on Nov 12, 2021

Was this helpful?

Yes
No
Provide feedback about this article
Powered by Confluence and Scroll Viewport.