Cannot Connect Confluence to MS SQL Server Using Force Encryption

Related content

  • No related content found

Still need help?

The Atlassian Community is here for you.

Ask the community

Symptoms

During the initial setup of Confluence the database setup step will fail with the following error in the UI:



You will also see the following in the atlassian-confluence.log:

2014-05-05 11:36:42,440 WARN [com.mchange.v2.async.ThreadPoolAsynchronousRunner$PoolThread-#2] [mchange.v2.resourcepool.BasicResourcePool] run com.mchange.v2.resourcepool.BasicResourcePool$AcquireTask@716cb856 -- Acquisition Attempt Failed!!! Clearing pending acquires. While trying to acquire a needed new resource, we failed to succeed more than the maximum number of allowed acquisition attempts (30). Last acquisition attempt exception: 
java.sql.SQLException: I/O Error: DB server closed connection.
	at net.sourceforge.jtds.jdbc.TdsCore.nextToken(TdsCore.java:2307)
	at net.sourceforge.jtds.jdbc.TdsCore.login(TdsCore.java:602)
	at net.sourceforge.jtds.jdbc.ConnectionJDBC2.<init>(ConnectionJDBC2.java:344)
	at net.sourceforge.jtds.jdbc.ConnectionJDBC3.<init>(ConnectionJDBC3.java:50)
	at net.sourceforge.jtds.jdbc.Driver.connect(Driver.java:182)
	at com.mchange.v2.c3p0.DriverManagerDataSource.getConnection(DriverManagerDataSource.java:134)
	at com.mchange.v2.c3p0.WrapperConnectionPoolDataSource.getPooledConnection(WrapperConnectionPoolDataSource.java:182)
	at com.mchange.v2.c3p0.WrapperConnectionPoolDataSource.getPooledConnection(WrapperConnectionPoolDataSource.java:171)
	at com.mchange.v2.c3p0.impl.C3P0PooledConnectionPool$1PooledConnectionResourcePoolManager.acquireResource(C3P0PooledConnectionPool.java:137)
	at com.mchange.v2.resourcepool.BasicResourcePool.doAcquire(BasicResourcePool.java:1014)
	at com.mchange.v2.resourcepool.BasicResourcePool.access$800(BasicResourcePool.java:32)
	at com.mchange.v2.resourcepool.BasicResourcePool$AcquireTask.run(BasicResourcePool.java:1810)
	at com.mchange.v2.async.ThreadPoolAsynchronousRunner$PoolThread.run(ThreadPoolAsynchronousRunner.java:547)
Caused by: java.io.IOException: DB server closed connection.
	at net.sourceforge.jtds.jdbc.SharedSocket.readPacket(SharedSocket.java:843)
	at net.sourceforge.jtds.jdbc.SharedSocket.getNetPacket(SharedSocket.java:722)
	at net.sourceforge.jtds.jdbc.ResponseStream.getPacket(ResponseStream.java:466)
	at net.sourceforge.jtds.jdbc.ResponseStream.read(ResponseStream.java:103)
	at net.sourceforge.jtds.jdbc.TdsCore.nextToken(TdsCore.java:2202)

Cause

Oracle introduced a security fix for the SSL/TLS BEAST attack that is known to interfere with Microsoft JDBC/jTDS connections.  Confluence is unable to acquire a connection against MS SQL Server.

Official Bug Report:

https://bugs.openjdk.java.net/browse/JDK-8014272

Resolution

Attention

Atlassian applications allow the use of SSL within our products, however Atlassian Support does not provide assistance for configuring it. Consequently, Atlassian can not guarantee providing any support for it.

  • If assistance with conversions of certificates is required, please consult with the vendor who provided the certificate.
  • If assistance with configuration is required, please raise a question on the Atlassian Community.
  • To be able to connect to MS SQL you will have to disable the fix for the SSL/TLS BEAST attack, and hence, the DB server will be vulnerable to this type of attack.

The JTDS 1.3.1.jar driver embedded with Confluence contains a bug and does not allow connection to an encrypted MSSQL when using JAVA 1.8. See here for the bug details. You'll need to download the patched JTDS 1.3.1 driver file in order to connect to an SSL encrypted MSSQL database.

  1. Stop Confluence.

  2. In your <Confluence Install>/bin open the setenv.bat file for windows or setenv.sh for linux.

  3. Search for CATALINA_OPTS (JAVA_OPTS for Confluence 5.5 or below) and include below parameter in the end of the line:

    Parameter 
    -Djsse.enableCBCProtection=false

    If you are starting Confluence as a windows service please follow this guide to add the parameter of step 3 instead of running step 2.

  4. Once you are done start Confluence.

  5. During Confluence installation add "?ssl=true" after the jdbc connection string, the URL will look similar to below one:

    jdbc:jtds:sqlserver://YourConfluenceServer:1433/YourConfluenceDatabase?ssl=true


    *Note that the "?" demarcates the end of the database name and the beginning of the database connection parameters. If you already have connection parameters, you will add a ";ssl=true" instead of "?ssl=true".

  6. Finish the initial setup.


tip/resting Created with Sketch.

For Crowd products, if the above workaround does not help, please try switching the bundled JTDS driver to MSSQL driver as described on:



Last modified on Apr 20, 2023

Was this helpful?

Yes
No
Provide feedback about this article

Related content

  • No related content found
Powered by Confluence and Scroll Viewport.