I have the problem that I cannot connect to my MSSQL server with my Eclipse Scout project (version 23.2.15). The problem is that the server uses TLS10 and the client expects TLS13 or TLS12.
Here is the error message: "The server selected protocol version TLS10 is not accepted by client preferences [TLS13, TLS12]"
How can I fix this?
If I use the commands in the startup configurations:
-Djdk.tls.client.protocols=TLSv1
or
-Dhttps.protocols=TLSv1
this does not work either.
With the first command the error message still appears and with the other command this error message appears: "No appropriate protocol (protocol is disabled or cipher suites are inappropriate)", which is also there when I use both commands.
In my project I use Java Temurin 17 and this mssql package:
<groupId>com.microsoft.sqlserver</groupId>
<artifactId>mssql-jdbc</artifactId>
<version>11.2.3.jre17</version>
I also use Tomcat 9 and Docker.
Where exactly do I have to set this? Is this even correct with the startup configuration, or do I perhaps have to set this in a config.properties file? Or does this have to be configured in some Dockerfile? I am also interested in what exactly the server is and what the client is. Is the server the MSSQL server and my application the client? At least it seems so.
I have also seen this post in this forum, but somehow it does not work for me: same error message
If someone could help me with this, that would be really great.
Greetings Felix
I have found an answer myself.
If I use the solution with my own file, which I found here in the forum, then it works.
How do I allow Java client TLS10 connections?
It was important that I specify "encrypt=false" in config.properties for the jdbc mapping.
In my own file (in my case the file is called enableTLS10.security) I had to add ,
jdk.tls.disabledAlgorithms=SSLv3, TLSv1.1, RC4, DES, MD5withRSA, \
DH keySize < 1024, EC keySize < 224, 3DES_EDE_CBC, anon, NULL, \
include jdk.disabled.namedCurves
also,
jdk.tls.legacyAlgorithms=TLSv1, \
K_NULL, C_NULL, M_NULL, \
DH_anon, ECDH_anon, \
RC4_128, RC4_40, DES_CBC, DES40_CBC, \
3DES_EDE_CBC
to make it work.
I also only needed to remove TLSv1, I left TLSv1.1 in. Sometimes it is easier to ask a question and then find the clue in the forum by explaining the problem yourself...