Cannot Connect to MS SQL Server Using Force Encryption
Atlassian applications allow the use of SSL within our products, however Atlassian Support does not provide assistance for configuring it. Consequently, Atlassian can not guarantee providing any support for it.
- If assistance with conversions of certificates is required, please consult with the vendor who provided the certificate.
- If assistance with configuration is required, please raise a question on Atlassian Answers.
Symptoms
- JIRA fails to start when running the JIRA startup checks.
- The exception below is thrown even after importing the server certificate as suggested on the KB Unable to Connect to MS SQL Server Due to DB server closed connection.
The following appears in the atlassian-jira.log
:
2013-10-07 11:20:02,731 main ERROR [NoModule] Error getting datasource via DBCP: JdbcDatasourceInfo{uri='jdbc:jtds:sqlserver://sqlserverhostname:1433/jiradb;ssl=true;', driverClassName='net.sourceforge.jtds.jdbc.Driver', username='jirauser', password='********', isolationLevel='null', connectionProperties=null, connectionPoolInfo=ConnectionPoolInfo{maxSize=15, minSize=2, initialSize=null, maxIdle=15, maxWait=60000, sleepTime=300000, lifeTime=600000, deadLockMaxWait=600000, deadLockRetryWait=10000, validationQuery=null, minEvictableTimeMillis=null, timeBetweenEvictionRunsMillis=null, poolPreparedStatements=null, testOnBorrow=null, testOnReturn=null, testWhileIdle=null, maxOpenPreparedStatements=null, numTestsPerEvictionRun=null, removeAbandonedTimeout=null, validationQueryTimeout=null, defaultCatalog=null}}
org.apache.commons.dbcp.SQLNestedException: Cannot create PoolableConnectionFactory (I/O Error: DB server closed connection.)
at org.apache.commons.dbcp.BasicDataSource.createPoolableConnectionFactory(BasicDataSource.java:1549)
(...)
at com.atlassian.jira.startup.LauncherContextListener.contextInitialized(LauncherContextListener.java:95) <+12> (StandardContext.java:4205) (StandardContext.java:4704) (ContainerBase.java:1053) (StandardHost.java:840) (ContainerBase.java:1053) (StandardEngine.java:463) (StandardService.java:525) (StandardServer.java:754) (Catalina.java:595) (NativeMethodAccessorImpl.java:39) (DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597) <+2> (Bootstrap.java:289) (Bootstrap.java:414)
Caused by: java.sql.SQLException: I/O Error: DB server closed connection.
at net.sourceforge.jtds.jdbc.TdsCore.nextToken(TdsCore.java:2311)
at net.sourceforge.jtds.jdbc.TdsCore.login(TdsCore.java:603)
at net.sourceforge.jtds.jdbc.ConnectionJDBC2.<init>(ConnectionJDBC2.java:357)
at net.sourceforge.jtds.jdbc.ConnectionJDBC3.<init>(ConnectionJDBC3.java:50)
at net.sourceforge.jtds.jdbc.Driver.connect(Driver.java:184) <+2>
at org.apache.commons.dbcp.PoolableConnectionFactory.makeObject(PoolableConnectionFactory.java:582)
at org.apache.commons.dbcp.BasicDataSource.validateConnectionFactory(BasicDataSource.java:1556)
at org.apache.commons.dbcp.BasicDataSource.createPoolableConnectionFactory(BasicDataSource.java:1545)
... 47 more
Cause
Oracle introduced a security fix for the SSL/TLS BEAST attack that is known to interfere with Microsoft JDBC/jTDS connections.
Setting the -Djsse.enableCBCProtection=false system variable will disable the fix and potentially allow the connection.
Resolution
Attention
Stop JIRA.
Include the parameter below in your JIRA startup as per the instructions on the Setting Properties and Options on Startup document:
JVM_SUPPORT_RECOMMENDED_ARGS="-Djsse.enableCBCProtection=false"
- Save the changes and start JIRA.
Please note that the DB connection string must have the "ssl=true" parameter.