websphere + SSLv3 SSLContext not available

Coola picture Coola · Feb 18, 2015 · Viewed 8.1k times · Source

I have a java application that is using hibernate to do a JNDI lookup for the datasource in Websphere Application Server which then talks to a MSSQL database.

The security team has recently patched the Websphere server 8.5.5.4 to disable SSLv3.

As such I'm getting a com.ibm.websphere.ce.cm.StaleConnectionException: The driver could not establish a secure connection to SQL Server by using Secure Sockets Layer (SSL) encyption. Error: "SSLv3 SSLContext not available".

Before this, I could access the data without any issues.

What can I do to overcome this issue? Do I need to configure the application to use TLS?

I'm using Hibernate 4.3.7.

The hibernate config looks like this.

<hibernate-configuration>
    <session-factory>
    <property name="hibernate.connection.driver_class">net.sourceforge.jtds.jdbc.Driver</property>
    <property name="connection.datasource">jdbc/testing</property>
    <property name="hibernate.dialect">org.hibernate.dialect.SQLServerDialect</property>
    <mapping resource="myApplication.hbm.xml" />
    </session-factory>
</hibernate-configuration>

Any help would be greatly appreciated.

Answer

trikelef picture trikelef · Feb 18, 2015

Maybe you should look at the MSSQL side to check whether TLS (at least 1.0 version) is supported. If not try to enable it.

Otherwise a (not recommended from security view) fix is to enable SSLv3 temporarily by using the following JVM argument until you find a way to communicate through TLS:

-Dcom.ibm.jsse2.disableSSLv3=false