How to connect to Sybase ASE using JDBC driver and SSL connection

zuckermanori picture zuckermanori · Jul 13, 2015 · Viewed 12.4k times · Source

I'm trying to establish an SSL connection to a Sybase ASE 15.7 using JDBC driver with no luck. I tried the following options:

  1. Using JTDS 1.25 driver (jtds-1.2.5.jar)

    With the following connection string: jdbc:jtds:sybase://host:port;databaseName=dbname;ssl=request

    I got Network error IOException: Connection refused

  2. Using Jconnect 4 (jconn4.jar)

    with the following connection string:

    jdbc:sybase:Tds:host:port/dbname?ENABLE_SSL=true

    I got java.sql.SQLException: JZ00L: Login failed. Examine the SQLWarnings chained to this exception for the reason(s) ... java.sql.SQLException: I/O Error: DB server closed connection.

    I checked the Sybase log see the following error:

    kernel SSL or Crypto Error Message: 'The SSL handshake failed. Root error: error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol'.

    it looks like the Sybase server expects SSL connection but the java client still not using SSL (although connection string property marks ssl=true).

tried searching Sybase documentation with not much luck, neither for this error nor for SSL with JConnect.

Any answer will be much appreciated - i'm flexible with the type of driver and the configuration.

Thanks

Answer

zuckermanori picture zuckermanori · Oct 29, 2015

After much investigation, I found a solution. 2 actually.

  1. Using trust all certificate JDBC connection string parameter: if you don't mind to trust all certificates (do this only if you entirely trust the network you're working in, especially not anything going on the public internet), you may add a connection string indicating the SSLSocketFactory creating the connection to trust all certificates. The connection string will look as follows: jdbc:sybase:Tds:host:port/dbname?ENABLE_SSL=true&SSL_TRUST_ALL_CERTS=true
  2. Using the sybase certificate: the certificate needs to be imported to the java application trust store. in case you're not working with a designated trust store, it may be imported to the Java default trust store found under $JAVA_HOME\jreX\lib\security\cacerts. The certificate may be imported using keytool as explained here.