2021年9月7日 | Leave a comment 问题: windows 10 上正常的 java 程序,部署到 centos 后报错 com.microsoft.sqlserver.jdbc.SQLServerException: 驱动程序无法通过使用安全套接字层(SSL)加密与 SQL Server 建立安全连接。错误:“The server selected protocol version TLS10 is not accepted by client preferences [TLS13, TLS12]”。 ClientConnectionId:ea28530d-eb2f-4aa9-837c-03369f974677 at com.microsoft.sqlserver.jdbc.SQLServerConnection.terminate(SQLServerConnection.java:3422) ~[mssql-jdbc-9.4.0.jre11.jar!/:na] at com.microsoft.sqlserver.jdbc.TDSChannel.enableSSL(IOBuffer.java:1916) ~[mssql-jdbc-9.4.0.jre11.jar!/:na] at com.microsoft.sqlserver.jdbc.SQLServerConnection.connectHelper(SQLServerConnection.java:2970) ~[mssql-jdbc-9.4.0.jre11.jar!/:na] at com.microsoft.sqlserver.jdbc.SQLServerConnection.login(SQLServerConnection.java:2628) ~[mssql-jdbc-9.4.0.jre11.jar!/:na] 12345 com.microsoft.sqlserver.jdbc.SQLServerException: 驱动程序无法通过使用安全套接字层(SSL)加密与 SQL Server 建立安全连接。错误:“The server selected protocol version TLS10 is not accepted by client preferences [TLS13, TLS12]”。 ClientConnectionId:ea28530d-eb2f-4aa9-837c-03369f974677 at com.microsoft.sqlserver.jdbc.SQLServerConnection.terminate(SQLServerConnection.java:3422) ~[mssql-jdbc-9.4.0.jre11.jar!/:na] at com.microsoft.sqlserver.jdbc.TDSChannel.enableSSL(IOBuffer.java:1916) ~[mssql-jdbc-9.4.0.jre11.jar!/:na] at com.microsoft.sqlserver.jdbc.SQLServerConnection.connectHelper(SQLServerConnection.java:2970) ~[mssql-jdbc-9.4.0.jre11.jar!/:na] at com.microsoft.sqlserver.jdbc.SQLServerConnection.login(SQLServerConnection.java:2628) ~[mssql-jdbc-9.4.0.jre11.jar!/:na] 解决: 貌似升级 sqlserver 2014 有用 过程: 尝试一: java -Djdk.tls.server.protocols=TLSv1.1,TLSv1.2 -Djdk.tls.client.protocols=TLSv1.1,TLSv1.2 -jar crccdemo.jar 报错 com.microsoft.sqlserver.jdbc.SQLServerException: The driver could not establish a secure connection to SQL Server by using Secure Sockets Layer (SSL) encryption. Error: "No appropriate protocol (protocol is disabled or cipher suites are inappropriate)". ClientConnectionId:6f594925-653d-407a-bc3a-1392aa6716a0 at com.microsoft.sqlserver.jdbc.SQLServerConnection.terminate(SQLServerConnection.java:3422) ~[mssql-jdbc-9.4.0.jre11.jar!/:na] at com.microsoft.sqlserver.jdbc.TDSChannel.enableSSL(IOBuffer.java:1916) ~[mssql-jdbc-9.4.0.jre11.jar!/:na] at com.microsoft.sqlserver.jdbc.SQLServerConnection.connectHelper(SQLServerConnection.java:2970) ~[mssql-jdbc-9.4.0.jre11.jar 12345678 java -Djdk.tls.server.protocols=TLSv1.1,TLSv1.2 -Djdk.tls.client.protocols=TLSv1.1,TLSv1.2 -jar crccdemo.jar 报错 com.microsoft.sqlserver.jdbc.SQLServerException: The driver could not establish a secure connection to SQL Server by using Secure Sockets Layer (SSL) encryption. Error: "No appropriate protocol (protocol is disabled or cipher suites are inappropriate)". ClientConnectionId:6f594925-653d-407a-bc3a-1392aa6716a0 at com.microsoft.sqlserver.jdbc.SQLServerConnection.terminate(SQLServerConnection.java:3422) ~[mssql-jdbc-9.4.0.jre11.jar!/:na] at com.microsoft.sqlserver.jdbc.TDSChannel.enableSSL(IOBuffer.java:1916) ~[mssql-jdbc-9.4.0.jre11.jar!/:na] at com.microsoft.sqlserver.jdbc.SQLServerConnection.connectHelper(SQLServerConnection.java:2970) ~[mssql-jdbc-9.4.0.jre11.jar 尝试二: 修改 $jdk11/conf/security/java.security 注释掉 jdk.certpath.disabledAlgorithms jdk.tls.disabledAlgorithms Caused by: java.security.cert.CertPathValidatorException: Algorithm constraints check failed on keysize limits. RSA 1024bit key used with certificate: CN=SSL_Self_Signed_Fallback. Usage was tls server at java.base/sun.security.util.DisabledAlgorithmConstraints$KeySizeConstraint.permits(DisabledAlgorithmConstraints.java:860) ~[na:na] at java.base/sun.security.util.DisabledAlgorithmConstraints$Constraints.permits(DisabledAlgorithmConstraints.java:467) ~[na:n 1234567 jdk.certpath.disabledAlgorithms jdk.tls.disabledAlgorithms Caused by: java.security.cert.CertPathValidatorException: Algorithm constraints check failed on keysize limits. RSA 1024bit key used with certificate: CN=SSL_Self_Signed_Fallback. Usage was tls server at java.base/sun.security.util.DisabledAlgorithmConstraints$KeySizeConstraint.permits(DisabledAlgorithmConstraints.java:860) ~[na:na] at java.base/sun.security.util.DisabledAlgorithmConstraints$Constraints.permits(DisabledAlgorithmConstraints.java:467) ~[na:n 参考: https://asyncstream.com/tutorials/java-tlsv10-not-accepted-by-client-preferences/ https://stackoverflow.com/questions/14149545/java-security-cert-certificateexception-certificates-does-not-conform-to-algori https://community.axonivy.com/d/140-tls-10-and-tls-11-disabled-by-default-with-java-11011 https://docs.microsoft.com/en-us/sql/connect/jdbc/setting-the-connection-properties?view=sql-server-ver15