IBM Support

How to get a DataSource in Websphere 8.5.x working with SQL Server using TLSv1.2?

Question & Answer


Question

I'm trying to get a SQL Datasource working with TLSv1.2 in Websphere Application Server 8.5.5.15 with using Java 8.0.5.27. I'm using the SQL driver version 4.2 (sqljdbc42.jar) I also tried version 7.4 (mssql-jdbc-7.4.1.jre8.jar) but a test connection doesn't work.

Cause

* Websphere is at 8.5.5.15 and SDK 8.0.5.27          
* Most of JDBC driver from third party vendor such as Microsoft JDBC driver is using direct java SSL , its not using WebSphere SSL The driver must match to the SDK version.                         
* sqljdbc42.jar required at java version 8                                   
* From the message""SQL Server did not return a response. The connection has been closed. " It seems database is not responding
* The datasource is defined at cluster level
* Following error return when test connection failed
The test connection operation failed for data source DATASOURCE on server nodeagent at node NODENAME with the following exception: java.sql.SQLException: The driver could not establish a secure connection to SQL Server by using Secure Sockets Layer (SSL) encryption. Error: "SQL Server did not return a response. The connection has been closed. ClientConnectionId:cb9e14f9-b053-4c57-a0d9-2cf6a6f1c6d9". DSRA0010E: SQL State = 08S01, Error Code = 0. View JVM logs for further details
                               

Answer

Most of third party JDBC provider using direct java SSL , its not using WebSphere SSL. However, MS JDBC driver code override webSphere code to use java ssl. So for solution any issue related to jdbc SSL is to use Latest JDK along with custom property (-Dcom.ibm.jsse2.overrideDefaultTLS=true ) 
This is  because MS driver code uses this java api SSLContext.getInstance and since jdbc2.0.
Any SQL driver case checklist
 1. SQL server has to use TLSv1.2
 2. WebSphere side make sure latest JAVA
 3. WebSphere side make sure latest jbdc driver that compatible with WAS java 
 4. Define JVM custom property com.ibm.jsse2.overrideDefaultTLS=true or Generic JVM Argument -Dcom.ibm.jsse2.overrideDefaultTLS=true
 5. -Dcom.ibm.jsse2.overridedefaultprotocol=tlsv12 doesn't apply for this java api SSLContext.getInstance 
 that is different java api 
===========
Client update to the latest driver SQL 7.4 and change the JVM's to Java 8.
Also I added the following in the Generic JVM Arguments:  -Dcom.ibm.jsse2.overrideDefaultTLS=true
Issue resolved

[{"Type":"MASTER","Line of Business":{"code":"LOB67","label":"IT Automation \u0026 App Modernization"},"Business Unit":{"code":"BU048","label":"IBM Software"},"Product":{"code":"SSEQTP","label":"WebSphere Application Server"},"ARM Category":[{"code":"a8m50000000CdU3AAK","label":"WebSphere Application Server traditional-All Platforms-\u003EJ2C-ConnectionPooling-JDBCDrivers-\u003EConnection Pooling-J2C-DB Connections"}],"ARM Case Number":"","Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"All Versions"}]

Document Information

Modified date:
08 May 2024

UID

ibm11098435

Page Feedback