Check MS SQL connection encryption strength/length (for JDBC)

Time: 2015-10-07 07:34:36

Tags: java sql-server encryption jdbc

When connecting from Java (IBM JRE 1.6 or 1.7) with MS JDBC Driver 4.0.2206.100, is the login, or the whole connection, encrypted (SSL/TLS or TDS or ??)? (Driver encrypt default = false or blank, info here; MS JDBC blog info here)

Some instances work fine, some give the error "RSA premaster secret error" (full stack trace below). None of the MS SQL instances have SSL enabled.

When using the IBM Java Cryptography Extension (JCE) Unlimited Strength (US export restriction) policy files, I can also connect to the instances that previously gave me the RSA premaster secret error.

The difference between the MS SQL instances seems to be the "Log on as" user (different domain users).

Question 1: How can I find out details about the encryption/certificate (length/strength/...)? On an MS SQL instance without SSL enabled, how do I identify which certificate is used for the JDBC connection?

  • Tested with Squirrel and IBM tools (both using IBM Java).
  • Squirrel with Oracle JRE 1.8 works out of the box, without the Unlimited Strength JCE.
  • In case it matters, the DB is MS SQL 2012 SP2.

Full stack trace (IBM JRE without Unlimited Strength JCE):

000000c0 DSConfigurati W   DSRA8201W: DataSource Configuration: DSRA8040I: Failed to connect to the DataSource null.  Encountered java.sql.SQLException: The driver could not establish a secure connection to SQL Server by using Secure Sockets Layer (SSL) encryption. Error: "RSA premaster secret error". ClientConnectionId:a5af5544-1768-49bc-b91d-87169cd06306 DSRA0010E: SQL State = 08S01, Error Code = 0.
java.sql.SQLException: The driver could not establish a secure connection to SQL Server by using Secure Sockets Layer (SSL) encryption. Error: "RSA premaster secret error". ClientConnectionId:a5af5544-1768-49bc-b91d-87169cd06306 DSRA0010E: SQL State = 08S01, Error Code = 0
                 at com.microsoft.sqlserver.jdbc.SQLServerConnection.terminate(SQLServerConnection.java:1667)
                 at com.microsoft.sqlserver.jdbc.TDSChannel.enableSSL(IOBuffer.java:1668)
                 at com.microsoft.sqlserver.jdbc.SQLServerConnection.connectHelper(SQLServerConnection.java:1323)
                 at com.microsoft.sqlserver.jdbc.SQLServerConnection.login(SQLServerConnection.java:991)
                 at com.microsoft.sqlserver.jdbc.SQLServerConnection.connect(SQLServerConnection.java:827)
                 at com.microsoft.sqlserver.jdbc.SQLServerDataSource.getConnectionInternal(SQLServerDataSource.java:621)
                 at com.microsoft.sqlserver.jdbc.SQLServerPooledConnection.createNewConnection(SQLServerPooledConnection.java:60)
                 at com.microsoft.sqlserver.jdbc.SQLServerPooledConnection.<init>(SQLServerPooledConnection.java:42)
                 at com.microsoft.sqlserver.jdbc.SQLServerConnectionPoolDataSource.getPooledConnection(SQLServerConnectionPoolDataSource.java:34)
                 at com.ibm.ws.rsadapter.DSConfigHelper$1.run(DSConfigHelper.java:1273)
                 at com.ibm.ws.security.auth.ContextManagerImpl.runAs(ContextManagerImpl.java:5477)
                 at com.ibm.ws.security.auth.ContextManagerImpl.runAsSystem(ContextManagerImpl.java:5603)
                 at com.ibm.ws.security.core.SecurityContext.runAsSystem(SecurityContext.java:255)
                 at com.ibm.ws.rsadapter.spi.ServerFunction$6.run(ServerFunction.java:567)
                 at com.ibm.ws.security.util.AccessController.doPrivileged(AccessController.java:118)
                 at com.ibm.ws.rsadapter.DSConfigHelper.getPooledConnection(DSConfigHelper.java:1288)
                 at com.ibm.ws.rsadapter.DSConfigHelper.getPooledConnection(DSConfigHelper.java:1196)
                 at com.ibm.ws.rsadapter.DSConfigurationHelper.getConnectionFromDSOrPooledDS(DSConfigurationHelper.java:2075)
                 at com.ibm.ws.rsadapter.DSConfigurationHelper.getConnectionFromDSOrPooledDS(DSConfigurationHelper.java:1951)
                 at com.ibm.ws.rsadapter.DSConfigurationHelper.testConnectionToDataSource(DSConfigurationHelper.java:1763)
                 at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
                 at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:60)
                 at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:37)
                 at java.lang.reflect.Method.invoke(Method.java:611)
                 at com.ibm.ws.management.DataSourceConfigHelperMBean.testConnectionToDataSource(DataSourceConfigHelperMBean.java:330)
                 at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
                 at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:60)
                 at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:37)
                 at java.lang.reflect.Method.invoke(Method.java:611)
                 at sun.reflect.misc.Trampoline.invoke(MethodUtil.java:69)
                 at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
                 at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:60)
                 at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:37)
                 at java.lang.reflect.Method.invoke(Method.java:611)
                 at sun.reflect.misc.MethodUtil.invoke(MethodUtil.java:272)
                 at javax.management.modelmbean.RequiredModelMBean$4.run(RequiredModelMBean.java:1152)
                 at java.security.AccessController.doPrivileged(AccessController.java:388)
                 at com.ibm.oti.security.CheckedAccessControlContext.securityCheck(CheckedAccessControlContext.java:30)
                 at sun.misc.JavaSecurityAccessWrapper.doIntersectionPrivilege(JavaSecurityAccessWrapper.java:41)
                 at javax.management.modelmbean.RequiredModelMBean.invokeMethod(RequiredModelMBean.java:1146)
                 at javax.management.modelmbean.RequiredModelMBean.invoke(RequiredModelMBean.java:999)
                 at com.sun.jmx.interceptor.DefaultMBeanServerInterceptor.invoke(DefaultMBeanServerInterceptor.java:847)
                 at com.sun.jmx.mbeanserver.JmxMBeanServer.invoke(JmxMBeanServer.java:783)
                 at com.ibm.ws.management.AdminServiceImpl$1.run(AdminServiceImpl.java:1350)
                 at com.ibm.ws.security.util.AccessController.doPrivileged(AccessController.java:118)
                 at com.ibm.ws.management.AdminServiceImpl.invoke(AdminServiceImpl.java:1243)
                 at com.ibm.ws.management.connector.AdminServiceDelegator.invoke(AdminServiceDelegator.java:181)
                 at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
                 at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:60)
                 at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:37)
                 at java.lang.reflect.Method.invoke(Method.java:611)
                 at com.ibm.ws.management.connector.soap.SOAPConnector.invoke(SOAPConnector.java:488)
                 at com.ibm.ws.management.connector.soap.SOAPConnector.service(SOAPConnector.java:322)
                 at com.ibm.ws.management.connector.soap.SOAPConnection.handleRequest(SOAPConnection.java:65)
                 at com.ibm.ws.http.HttpConnection.readAndHandleRequest(HttpConnection.java:733)
                 at com.ibm.ws.http.HttpConnection.run(HttpConnection.java:522)
                 at com.ibm.ws.util.ThreadPool$Worker.run(ThreadPool.java:1881)
Caused by: javax.net.ssl.SSLKeyException: RSA premaster secret error
                 at com.ibm.jsse2.kb.<init>(kb.java:86)
                 at com.ibm.jsse2.mb.a(mb.java:419)
                 at com.ibm.jsse2.mb.a(mb.java:71)
                 at com.ibm.jsse2.lb.t(lb.java:241)
                 at com.ibm.jsse2.lb.a(lb.java:3)
                 at com.ibm.jsse2.SSLSocketImpl.a(SSLSocketImpl.java:855)
                 at com.ibm.jsse2.SSLSocketImpl.h(SSLSocketImpl.java:320)
                 at com.ibm.jsse2.SSLSocketImpl.a(SSLSocketImpl.java:676)
                 at com.ibm.jsse2.SSLSocketImpl.startHandshake(SSLSocketImpl.java:620)
                 at com.microsoft.sqlserver.jdbc.TDSChannel.enableSSL(IOBuffer.java:1618)
                 ... 55 more
Caused by: java.security.InvalidKeyException: Illegal key size or default parameters
                 at javax.crypto.Cipher.a(Unknown Source)
                 at javax.crypto.Cipher.a(Unknown Source)
                 at javax.crypto.Cipher.a(Unknown Source)
                 at javax.crypto.Cipher.init(Unknown Source)
                 at com.ibm.jsse2.kb.<init>(kb.java:115)
                 ... 64 more

============== Update: ==============

SQL Server locates/selects the certificate by name (see this MS support link from Sep 12, 2008):

  SQL Server looks in the certificate store for a certificate whose name matches the fully qualified domain name (FQDN) of the SQL Server computer.

So if the server has a certificate with a matching name, it will try to use it. If that certificate uses stronger encryption than the JRE/JDK supports, you get the error above.

Also check this registry key (change the MSSQL11.MSSQLSERVER part for your instance/version):

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft SQL Server\MSSQL11.MSSQLSERVER\MSSQLServer\SuperSocketNetLib

PowerShell check:

Get-ItemProperty "hklm:\SOFTWARE\Microsoft\Microsoft SQL Server\MSSQL11.MSSQLSERVER\MSSQLServer\SuperSocketNetLib"
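To answer Question 1 from the client side without depending on the JRE at all, here is an added example (it is not code from the question, the answer, or Microsoft's driver) that does by hand what the driver does in TDSChannel.enableSSL in the stack trace above: it sends a TDS PRELOGIN asking for encryption, then runs a TLS handshake whose records are carried inside PRELOGIN packets, and reports what the server negotiated and which certificate it presented. This works against an instance where "SSL is not enabled", because SQL Server presents a certificate in every case (a self-generated one if none is configured) so that at least the login packet can be encrypted; the JRE in the trace fails inside that handshake, which is why it never shows you the certificate or its key size. The packet layout follows the MS-TDS specification; the host and port are parameters you supply, and the TLS 1.0 / security-level settings are OpenSSL-specific assumptions for old server builds. Python 3.7 or later, standard library only.

```python
import socket, ssl, struct

TDS_PRELOGIN = 0x12            # TDS packet type for PRELOGIN and, afterwards, for the TLS handshake records
ENCRYPT_NAMES = {0: "ENCRYPT_OFF (login packet only)", 1: "ENCRYPT_ON", 2: "ENCRYPT_NOT_SUP", 3: "ENCRYPT_REQ"}
OID_RSA_ENCRYPTION = bytes.fromhex("2a864886f70d010101")   # 1.2.840.113549.1.1.1 rsaEncryption

def tds_packet(ptype, payload, status=0x01):
    # 8-byte TDS header: type, status (0x01 = end of message), big-endian total length, SPID, packet id, window
    return struct.pack(">BBHHBB", ptype, status, 8 + len(payload), 0, 1, 0) + payload

def build_prelogin(encryption=1):
    """PRELOGIN payload: a (token, offset, length) table, a 0xFF terminator, then the option data."""
    # tokens: 0 VERSION, 1 ENCRYPTION (1 = ENCRYPT_ON), 2 INSTOPT (default instance), 3 THREADID, 4 MARS off
    opts = [(0, bytes([9, 0, 0, 0, 0, 0])), (1, bytes([encryption])), (2, b"\x00"), (3, bytes(4)), (4, b"\x00")]
    table, data, table_len = b"", b"", 5 * len(opts) + 1
    for token, value in opts:
        table += struct.pack(">BHH", token, table_len + len(data), len(value))   # offsets count from payload start
        data += value
    return table + b"\xff" + data

def parse_prelogin_encryption(payload):
    """ENCRYPTION value the server chose in its PRELOGIN response (2 = ENCRYPT_NOT_SUP: no TLS at all)."""
    pos = 0
    while payload[pos] != 0xFF:
        token, offset, _ = struct.unpack_from(">BHH", payload, pos)
        if token == 1:
            return payload[offset]
        pos += 5
    raise ValueError("no ENCRYPTION option in PRELOGIN response")

def _der_tlv(buf, pos):
    """One DER tag-length-value at pos -> (tag, value_start, value_end); handles long-form lengths."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, pos, pos + length

def _der_children(buf, start, end):
    out = []
    while start < end:
        out.append(_der_tlv(buf, start))
        start = out[-1][2]
    return out

def rsa_modulus_bits(cert_der):
    """RSA modulus size in bits of an X.509 certificate's public key, or None if the key is not RSA."""
    tbs = _der_children(cert_der, *_der_tlv(cert_der, 0)[1:])[0]
    fields = _der_children(cert_der, tbs[1], tbs[2])
    if fields[0][0] == 0xA0:                       # optional explicit [0] version
        fields = fields[1:]
    spki = fields[5]                               # serial, sigAlg, issuer, validity, subject, then SPKI
    alg, bitstr = _der_children(cert_der, spki[1], spki[2])
    oid = _der_children(cert_der, alg[1], alg[2])[0]
    if cert_der[oid[1]:oid[2]] != OID_RSA_ENCRYPTION:
        return None
    rsa_pub = _der_tlv(cert_der, bitstr[1] + 1)   # +1 skips the BIT STRING "unused bits" byte
    modulus = _der_children(cert_der, rsa_pub[1], rsa_pub[2])[0]
    return len(cert_der[modulus[1]:modulus[2]].lstrip(b"\x00")) * 8

def read_tds_message(rfile):
    """Reassemble one TDS message: concatenate packets until the end-of-message status bit is set."""
    payload = b""
    while True:
        _ptype, status, length = struct.unpack(">BBH", rfile.read(4))
        rfile.read(4)                              # SPID, packet id, window
        payload += rfile.read(length - 8)
        if status & 0x01:
            return payload

def probe(host, port=1433, timeout=5.0):
    """Send PRELOGIN, run the TLS handshake inside PRELOGIN packets, report what the server presented."""
    with socket.create_connection((host, port), timeout) as sock, sock.makefile("rb") as rfile:
        sock.sendall(tds_packet(TDS_PRELOGIN, build_prelogin(1)))
        enc = parse_prelogin_encryption(read_tds_message(rfile))
        result = {"encryption": ENCRYPT_NAMES.get(enc, hex(enc))}
        if enc == 2:
            return result
        ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
        ctx.check_hostname, ctx.verify_mode = False, ssl.CERT_NONE   # inspect the certificate, do not validate it
        ctx.minimum_version = ssl.TLSVersion.TLSv1 # SQL Server 2012-era builds may only offer TLS 1.0, ...
        ctx.set_ciphers("DEFAULT:@SECLEVEL=0")     # ... which OpenSSL 3 refuses at its default security level
        incoming, outgoing = ssl.MemoryBIO(), ssl.MemoryBIO()
        tls = ctx.wrap_bio(incoming, outgoing, server_hostname=host)
        while True:
            try:
                tls.do_handshake()
                break
            except ssl.SSLWantReadError:           # every TLS flight, in both directions, rides in a PRELOGIN packet
                if outgoing.pending:
                    sock.sendall(tds_packet(TDS_PRELOGIN, outgoing.read()))
                incoming.write(read_tds_message(rfile))
        if outgoing.pending:                       # flush a trailing client flight (TLS 1.3 Finished)
            sock.sendall(tds_packet(TDS_PRELOGIN, outgoing.read()))
    der = tls.getpeercert(binary_form=True)
    cipher, _, bits = tls.cipher()
    result.update(tls_version=tls.version(), cipher=cipher, cipher_bits=bits,
                  rsa_modulus_bits=rsa_modulus_bits(der), cert_pem=ssl.DER_cert_to_PEM_cert(der))
    return result
```

Call probe("dbhost") from a Python shell. The connection is dropped right after the handshake, so no login is attempted. rsa_modulus_bits is the number to compare against what the restricted JCE policy on the IBM JRE allows, and cert_pem can be fed to openssl x509 -noout -text for the subject, signature algorithm and validity: a subject matching the machine's FQDN means SQL Server picked a certificate from the store as described in the update above, anything else means it fell back to its self-generated one.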

1 Answer:

Answer 0 (score: 0)

If this option works with the IBM JDK, I'd suggest running the test with -Djavax.net.debug=all. If not, try to find a similar option for the IBM JDK. As a last resort, use a network packet sniffer.

That way you can find out who is complaining: the SQL Server, or the JDK the client runs on.

If possible, I would also try running the same test under the Oracle JDK or under OpenJDK. That way you can pin down the cause of the problem.