java.sql.SQLException: I/O Error: Connection reset when connecting to an external SQL Server 2008 database

Still need help?

The Atlassian Community is here for you.

Ask the community

Symptoms

  • Fisheye will not connect to an external SQL Server 2008 database resulting in the following error message in the application logs:  java.sql.SQLException: I/O Error: Connection reset.

Example sterilized stacktrace:

2012-04-12 10:33:16,842 ERROR [main ] org.springframework.web.context.ContextLoader org.springframework.web.context.ContextLoader-initWebApplicationContext - Context initialization failed
org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'dbControlFactory' defined in ServletContext resource [/WEB-INF/applicationContext.xml]: Instantiation of bean failed; nested exception is org.springframework.beans.BeanInstantiationException: Could not instantiate bean class [com.cenqua.crucible.hibernate.DBControlFactoryImpl]: Constructor threw exception; nested exception is java.lang.IllegalStateException: Database not available (Unable to connect to SQLServer 2008 database jdbc:jtds:sqlserver://server_name_here:1433/fisheye;instance=mssqlfisheye;ssl=require: java.sql.SQLException: I/O Error: Connection reset). Current state: NO_DB
	at org.springframework.beans.factory.support.ConstructorResolver.autowireConstructor(ConstructorResolver.java:288)
  • DBVisualizer will return the same error message in addition to:  SQL State: 08501
  • SQL Server Profiler shows an Audit Login immediately followed by an Audit Logout.

Cause

In Java 6u29, there was a bug introduced which prevents SSL connections to SQL Server 2008 R2. This bug was logged with Oracle as Bug ID: 7103725.

Resolution

Oracle delivered a fix in 6u30, although for at least one affected client not even Java 1.7 worked. Users can get around this bug by downgrading their version of Java (version 1.6.0_24 is confirmed to work) or by passing Java the following property and value:

-Djsse.enableCBCProtection=false

The flag "jsse.enableCBCProtection=false" will disable CBC protection in your SSL connection. You can read more about SSL and CBC here:

http://en.wikipedia.org/wiki/Transport_Layer_Security
http://en.wikipedia.org/wiki/Block_cipher_modes_of_operation#Cipher-block_chaining_.28CBC.29

The CBC protection covers the Browser Exploit Against SSL/TLS (BEAST) threat and a security vulnerability in an SSL socketFactory method.

To learn more about BEAST you can search Google :

https://www.google.com/search?q=Browser%20Exploit%20Against%20SSL/TLS  

 

 

 

Last modified on Jul 31, 2018

Was this helpful?

Yes
No
Provide feedback about this article
Powered by Confluence and Scroll Viewport.