3

I am in Java 8 v102, using sqljdbc42.jar and jtds-1.3.1.jar to connect to SQL Server 2008 in FIPS mode. I configured my Java with https://www.bouncycastle.org/fips/BCUserGuide.pdf, but I am getting the below error. How can I resolve this?

com.microsoft.sqlserver.jdbc.SQLServerException: The driver could not establish a secure connection to SQL Server by using Secure Sockets Layer (SSL) encryption . Error: "FIPS mode: only SunJSSE TrustManagers may be used".

Robert Columbia
Saiket Tewary
  • Did you solve it? Can you share your knowledge, please? – Michael Biniashvili Jan 31 '17 at 06:33
  • I'm also having this problem. Set up is [as such](https://www.bouncycastle.org/fips/BCUserGuide.pdf#page=10). I think this means some TrustManager implementation that BC is using doesn't extend the SunJSSE one or something? – Graph Theory Mar 09 '17 at 22:50
  • I think [this](https://connect.microsoft.com/SQLServer/feedback/details/790326/jdbc-error-fips-mode-only-sunjsse-trustmanagers-may-be-used) is the same/a similar problem but I don't know how to fix it. – Graph Theory Mar 09 '17 at 22:59
  • I know it has been a long time, but please comment if any one of you was able to solve it. – ds459 Jul 23 '21 at 23:44

1 Answer

0

FIPS mode doesn't allow TrustManager/KeyManager implementations from third-party sources; only SunJSSE KeyManagers/TrustManagers are supported, which are instances of X509TrustManagerImpl/X509KeyManagerImpl.

I overcame this in the Postgres JDBC driver, which allowed me to pass a custom sslFactory, so I passed org.postgresql.ssl.DefaultJavaSSLFactory, which in turn prevents Postgres from sending its own KeyManager implementation and delegates the process to Java to provide the right KeyManager instance.

In other JDBC drivers, you may need to find the same configuration to overcome this.

livesamarthgupta
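The PostgreSQL workaround described in the answer above, as an added example that is not part of the original post or the driver's own code. It first lists the TrustManager classes the JVM's default factory returns, then connects with `sslfactory` set to `org.postgresql.ssl.DefaultJavaSSLFactory`. It assumes the pgjdbc driver is on the classpath; the environment variable names `PG_URL`, `PG_USER` and `PG_PASSWORD` are hypothetical.

```java
import java.security.KeyStore;
import java.sql.Connection;
import java.sql.DriverManager;
import java.util.Properties;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;

public class FipsJdbcTlsCheck {

    // Print the provider and concrete class of each default TrustManager.
    // Per the answer, FIPS mode accepts only the SunJSSE implementations.
    static void printDefaultTrustManagers() throws Exception {
        TrustManagerFactory tmf =
            TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init((KeyStore) null); // null selects the JVM default trust store
        for (TrustManager tm : tmf.getTrustManagers()) {
            System.out.println(tmf.getProvider().getName() + " -> " + tm.getClass().getName());
        }
    }

    // Connection properties that make pgjdbc use the JVM's default
    // SSLSocketFactory instead of installing its own key/trust managers.
    static Properties pgTlsProperties(String user, String password) {
        Properties p = new Properties();
        p.setProperty("user", user);
        p.setProperty("password", password);
        p.setProperty("ssl", "true");
        // Keep certificate and host name verification on; the server's CA
        // must therefore be in the JVM trust store (javax.net.ssl.trustStore).
        p.setProperty("sslmode", "verify-full");
        p.setProperty("sslfactory", "org.postgresql.ssl.DefaultJavaSSLFactory");
        return p;
    }

    public static void main(String[] args) throws Exception {
        printDefaultTrustManagers();
        String url = System.getenv("PG_URL"); // hypothetical variable names
        if (url == null) {
            return; // no database configured: only report the trust managers
        }
        Properties props =
            pgTlsProperties(System.getenv("PG_USER"), System.getenv("PG_PASSWORD"));
        try (Connection c = DriverManager.getConnection(url, props)) {
            System.out.println("Connected: " + c.getMetaData().getDatabaseProductVersion());
        }
    }
}
```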