How to connect to Sybase ASE using JDBC driver and SSL connection

java ssl jdbc sybase jconnect
zuckermanori picture zuckermanori · Jul 13, 2015 · Viewed 12.4k times · Source

I'm trying to establish an SSL connection to a Sybase ASE 15.7 using JDBC driver with no luck. I tried the following options:

  1. Using JTDS 1.25 driver (jtds-1.2.5.jar)

    With the following connection string: jdbc:jtds:sybase://host:port;databaseName=dbname;ssl=request

    I got Network error IOException: Connection refused

  2. Using Jconnect 4 (jconn4.jar)

    with the following connection string:

    jdbc:sybase:Tds:host:port/dbname?ENABLE_SSL=true

    I got java.sql.SQLException: JZ00L: Login failed. Examine the SQLWarnings chained to this exception for the reason(s) ... java.sql.SQLException: I/O Error: DB server closed connection.

    I checked the Sybase log see the following error:

    kernel SSL or Crypto Error Message: 'The SSL handshake failed. Root error: error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol'.

    it looks like the Sybase server expects SSL connection but the java client still not using SSL (although connection string property marks ssl=true).

tried searching Sybase documentation with not much luck, neither for this error nor for SSL with JConnect.

Any answer will be much appreciated - i'm flexible with the type of driver and the configuration.

Thanks

Answer

zuckermanori picture zuckermanori · Oct 29, 2015

After much investigation, I found a solution. 2 actually.

  1. Using trust all certificate JDBC connection string parameter: if you don't mind to trust all certificates (do this only if you entirely trust the network you're working in, especially not anything going on the public internet), you may add a connection string indicating the SSLSocketFactory creating the connection to trust all certificates. The connection string will look as follows: jdbc:sybase:Tds:host:port/dbname?ENABLE_SSL=true&SSL_TRUST_ALL_CERTS=true
  2. Using the sybase certificate: the certificate needs to be imported to the java application trust store. in case you're not working with a designated trust store, it may be imported to the Java default trust store found under $JAVA_HOME\jreX\lib\security\cacerts. The certificate may be imported using keytool as explained here.

Related questions

The driver could not establish a secure connection to SQL Server by using SSL

I'm having problems connecting to SQL databases. Whenever I try to connect to a SQL server I get the following error; Caused by: org.hibernate.exception.JDBCConnectionException: Error calling Driver#connect at org.hibernate.exception.internal.SQLStateConversionDelegate.convert(SQLStateConversionDelegate.java:132) …

Read More
Resolving javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed Error?

Edit :- Tried to format the question and accepted answer in more presentable way at mine Blog Here is the original issue. I am getting this error: detailed message sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.…

Read More
Unable to find valid certification path to requested target - error even after cert imported

I have a Java client trying to access a server with a self-signed certificate. When I try to Post to the server, I get the following error: unable to find valid certification path to requested target Having done some research …

Read More