KB-1676 SSL error when validating a SQL Server data source on Windows Server 2003

Jordan Horwat — Wed, 29 Aug 2018 18:17:17 GMT

Current Revision posted to Appian Knowledge Base by Jordan Horwat on 8/29/2018 6:17:17 PM

Symptoms

When attempting to validate a SQL Server data source hosted on a Windows Server 2003 Operating System, the process will fail with the following error in the application server log:

com.appiancorp.rdbms.datasource.DataSourceValidationException: java.sql.SQLException: Cannot create PoolableConnectionFactory (The driver could not establish a secure connection to SQL Server by using Secure Sockets Layer (SSL) encryption. Error: "SQL Server did not return a response. The connection has been closed. ClientConnectionId:".)
...
Caused by: java.sql.SQLException: Cannot create PoolableConnectionFactory (The driver could not establish a secure connection to SQL Server by using Secure Sockets Layer (SSL) encryption. Error: "SQL Server did not return a response. The connection has been closed. ClientConnectionId:".)
...
Caused by: com.microsoft.sqlserver.jdbc.SQLServerException: The driver could not establish a secure connection to SQL Server by using Secure Sockets Layer (SSL) encryption. Error: "SQL Server did not return a response. The connection has been closed. ClientConnectionId:".
...
Caused by: java.io.IOException: SQL Server did not return a response. The connection has been closed. ClientConnectionId:

Cause

A recent Oracle JDK patch has added 3DES in the list of legacy algorithms. Given that Windows Server 2003 supports 3DES by default, this will cause calls to the data source to fail.

Action

Update the OS that hosts the data source to a Microsoft supported version.

Workaround

As per the Oracle JDK documentation, remove 3DES from the list of legacy algorithms on the server hosting the Appian application:

On JDK 8 and earlier, edit the <java-home>/lib/security/java.security file and remove 3DES_EDE_CBC from the jdk.tls.legacyAlgorithms security property.

For example, if the current value is:

jdk.tls.legacyAlgorithms= \ K_NULL, C_NULL, M_NULL, \ DHE_DSS_EXPORT, DHE_RSA_EXPORT, DH_anon_EXPORT, DH_DSS_EXPORT, \ DH_RSA_EXPORT, RSA_EXPORT, \ DH_anon, ECDH_anon, \ RC4_128, RC4_40, DES_CBC, DES40_CBC, \ 3DES_EDE_CBC
The new value after removing 3DES_EDE_CBC would be:

jdk.tls.legacyAlgorithms= \ K_NULL, C_NULL, M_NULL, \ DHE_DSS_EXPORT, DHE_RSA_EXPORT, DH_anon_EXPORT, DH_DSS_EXPORT, \ DH_RSA_EXPORT, RSA_EXPORT, \ DH_anon, ECDH_anon, \ RC4_128, RC4_40, DES_CBC, DES40_CBC
Note that this is a low-risk change. It is unlikely to cause a regression since it just affects the order of the negotiated algorithms. 3DES would still be used, if listed on the legacy algorithm list, if no other non-legacy algorithm is available.

Affected Versions

This article applies to all versions of Appian using a SQL Server data source hosted on a Windows Server 2003 Operating System.

Last Reviewed: August 2018

Tags: sql server, database, windows, infrastructure

SSL Error when validating a SQL Server data source on Windows Server 2003

Khalil Ben Naceur — Wed, 29 Aug 2018 16:45:10 GMT

Revision 1 posted to Appian Knowledge Base by Khalil Ben Naceur on 8/29/2018 4:45:10 PM

Symptoms

When attempting to validate a SQL Server data source hosted on a Windows Server 2003 Operating System, the process will fail with the following error in the application server log:

com.appiancorp.rdbms.datasource.DataSourceValidationException: java.sql.SQLException: Cannot create PoolableConnectionFactory (The driver could not establish a secure connection to SQL Server by using Secure Sockets Layer (SSL) encryption. Error: "SQL Server did not return a response. The connection has been closed. ClientConnectionId:".)

...

Caused by: java.sql.SQLException: Cannot create PoolableConnectionFactory (The driver could not establish a secure connection to SQL Server by using Secure Sockets Layer (SSL) encryption. Error: "SQL Server did not return a response. The connection has been closed. ClientConnectionId:".)

...

Caused by: com.microsoft.sqlserver.jdbc.SQLServerException: The driver could not establish a secure connection to SQL Server by using Secure Sockets Layer (SSL) encryption. Error: "SQL Server did not return a response. The connection has been closed. ClientConnectionId:".

...

Caused by: java.io.IOException: SQL Server did not return a response. The connection has been closed. ClientConnectionId:

Cause

A recent Oracle JDK patch has added 3DES in the list of legacy algorithms. Given that Windows Server 2003 supports 3DES by default, this will cause calls to the data source to fail.

Action

Update the OS that hosts the data source to a Microsoft supported version.

Workaround

As per the Oracle JDK documentation, remove 3DES from the list of legacy algorithms on the server hosting the Appian application:

On JDK 8 and earlier, edit the java.security file under <java-home>/lib/security/ and remove 3DES_EDE_CBC from the jdk.tls.legacyAlgorithms security property.

For example, if the current value is:

jdk.tls.legacyAlgorithms= \ K_NULL, C_NULL, M_NULL, \ DHE_DSS_EXPORT, DHE_RSA_EXPORT, DH_anon_EXPORT, DH_DSS_EXPORT, \ DH_RSA_EXPORT, RSA_EXPORT, \ DH_anon, ECDH_anon, \ RC4_128, RC4_40, DES_CBC, DES40_CBC, \ 3DES_EDE_CBC
The new value after removing 3DES_EDE_CBC would be:

jdk.tls.legacyAlgorithms= \ K_NULL, C_NULL, M_NULL, \ DHE_DSS_EXPORT, DHE_RSA_EXPORT, DH_anon_EXPORT, DH_DSS_EXPORT, \ DH_RSA_EXPORT, RSA_EXPORT, \ DH_anon, ECDH_anon, \ RC4_128, RC4_40, DES_CBC, DES40_CBC
Note that this is a low-risk change. It is unlikely to cause a regression since it just affects the order of the negotiated algorithms. 3DES would still be used, if listed on the legacy algorithm list, if no other non-legacy algorithm is available.

Affected Versions

This article applies to all versions of Appian using a SQL Server data source hosted on a Windows Server 2003 Operating System.

Tags: sql server, database, windows

DRAFT KB-XXXX SSL Error when validating a SQL Server data source on Windows Server 2003

Jordan Horwat — Wed, 29 Aug 2018 14:09:58 GMT

Revision 17 posted to Appian Knowledge Base by Jordan Horwat on 8/29/2018 2:09:58 PM

Symptoms

When attempting to validate a SQL Server data source hosted on a Windows Server 2003 Operating System, the process will fail with the following error in the application server log:

com.appiancorp.rdbms.datasource.DataSourceValidationException: java.sql.SQLException: Cannot create PoolableConnectionFactory (The driver could not establish a secure connection to SQL Server by using Secure Sockets Layer (SSL) encryption. Error: "SQL Server did not return a response. The connection has been closed. ClientConnectionId:".)
...
Caused by: java.sql.SQLException: Cannot create PoolableConnectionFactory (The driver could not establish a secure connection to SQL Server by using Secure Sockets Layer (SSL) encryption. Error: "SQL Server did not return a response. The connection has been closed. ClientConnectionId:".)
...
Caused by: com.microsoft.sqlserver.jdbc.SQLServerException: The driver could not establish a secure connection to SQL Server by using Secure Sockets Layer (SSL) encryption. Error: "SQL Server did not return a response. The connection has been closed. ClientConnectionId:".
...
Caused by: java.io.IOException: SQL Server did not return a response. The connection has been closed. ClientConnectionId:

Cause

A recent Oracle JDK patch has added 3DES in the list of legacy algorithms. Given that Windows Server 2003 supports 3DES by default, this will cause calls to the data source to fail.

Action

Update the OS that hosts the data source to a Microsoft supported version.

Workaround

As per the Oracle JDK documentation, remove 3DES from the list of legacy algorithms on the server hosting the Appian application:

On JDK 8 and earlier, edit the <java-home>/lib/security/java.security file and remove 3DES_EDE_CBC from the jdk.tls.legacyAlgorithms security property.

For example, if the current value is:

jdk.tls.legacyAlgorithms= \ K_NULL, C_NULL, M_NULL, \ DHE_DSS_EXPORT, DHE_RSA_EXPORT, DH_anon_EXPORT, DH_DSS_EXPORT, \ DH_RSA_EXPORT, RSA_EXPORT, \ DH_anon, ECDH_anon, \ RC4_128, RC4_40, DES_CBC, DES40_CBC, \ 3DES_EDE_CBC
The new value after removing 3DES_EDE_CBC would be:

jdk.tls.legacyAlgorithms= \ K_NULL, C_NULL, M_NULL, \ DHE_DSS_EXPORT, DHE_RSA_EXPORT, DH_anon_EXPORT, DH_DSS_EXPORT, \ DH_RSA_EXPORT, RSA_EXPORT, \ DH_anon, ECDH_anon, \ RC4_128, RC4_40, DES_CBC, DES40_CBC
Note that this is a low-risk change. It is unlikely to cause a regression since it just affects the order of the negotiated algorithms. 3DES would still be used, if listed on the legacy algorithm list, if no other non-legacy algorithm is available.

Affected Versions

This article applies to all versions of Appian using a SQL Server data source hosted on a Windows Server 2003 Operating System.

Last Reviewed: August 2018

Tags: sql server, database, windows, infrastructure

DRAFT KB-XXXX SSL Error when validating a SQL Server data source on Windows Server 2003

Jordan Horwat — Wed, 29 Aug 2018 14:08:28 GMT

Revision 16 posted to Appian Knowledge Base by Jordan Horwat on 8/29/2018 2:08:28 PM

Symptoms

When attempting to validate a SQL Server data source hosted on a Windows Server 2003 Operating System, the process will fail with the following error in the application server log:

com.appiancorp.rdbms.datasource.DataSourceValidationException: java.sql.SQLException: Cannot create PoolableConnectionFactory (The driver could not establish a secure connection to SQL Server by using Secure Sockets Layer (SSL) encryption. Error: "SQL Server did not return a response. The connection has been closed. ClientConnectionId:".)
...
Caused by: java.sql.SQLException: Cannot create PoolableConnectionFactory (The driver could not establish a secure connection to SQL Server by using Secure Sockets Layer (SSL) encryption. Error: "SQL Server did not return a response. The connection has been closed. ClientConnectionId:".)
...
Caused by: com.microsoft.sqlserver.jdbc.SQLServerException: The driver could not establish a secure connection to SQL Server by using Secure Sockets Layer (SSL) encryption. Error: "SQL Server did not return a response. The connection has been closed. ClientConnectionId:".
...
Caused by: java.io.IOException: SQL Server did not return a response. The connection has been closed. ClientConnectionId:

Cause

A recent Oracle JDK patch has added 3DES in the list of legacy algorithms. Given that Windows Server 2003 supports 3DES by default, this will cause calls to the data source to fail.

Action

Update the OS that hosts the data source to a Microsoft supported version.

Workaround

As per the Oracle JDK documentation, remove 3DES from the list of legacy algorithms on the server hosting the Appian application:

On JDK 8 and earlier, edit the <java-home>/lib/security/java.security file and remove 3DES_EDE_CBC from the jdk.tls.legacyAlgorithms security property.

For example, if the current value is:

jdk.tls.legacyAlgorithms= \ K_NULL, C_NULL, M_NULL, \ DHE_DSS_EXPORT, DHE_RSA_EXPORT, DH_anon_EXPORT, DH_DSS_EXPORT, \ DH_RSA_EXPORT, RSA_EXPORT, \ DH_anon, ECDH_anon, \ RC4_128, RC4_40, DES_CBC, DES40_CBC, \ 3DES_EDE_CBC
The new value after removing 3DES_EDE_CBC would be:

jdk.tls.legacyAlgorithms= \ K_NULL, C_NULL, M_NULL, \ DHE_DSS_EXPORT, DHE_RSA_EXPORT, DH_anon_EXPORT, DH_DSS_EXPORT, \ DH_RSA_EXPORT, RSA_EXPORT, \ DH_anon, ECDH_anon, \ RC4_128, RC4_40, DES_CBC, DES40_CBC
Note that this is a low-risk change. It is unlikely to cause a regression since it just affects the order of the negotiated algorithms. 3DES would still be used, if listed on the legacy algorithm list, if no other non-legacy algorithm is available.

Affected Versions

This article applies to all versions of Appian using a SQL Server data source hosted on a Windows Server 2003 Operating System.

Last Reviewed: August 2018

Tags: sql server, database, windows, infrastructure

DRAFT KB-XXXX SSL Error when validating a SQL Server data source on Windows Server 2003

Jordan Horwat — Wed, 29 Aug 2018 14:07:44 GMT

Revision 15 posted to Appian Knowledge Base by Jordan Horwat on 8/29/2018 2:07:44 PM

Symptoms

When attempting to validate a SQL Server data source hosted on a Windows Server 2003 Operating System, the process will fail with the following error in the application server log:

com.appiancorp.rdbms.datasource.DataSourceValidationException: java.sql.SQLException: Cannot create PoolableConnectionFactory (The driver could not establish a secure connection to SQL Server by using Secure Sockets Layer (SSL) encryption. Error: "SQL Server did not return a response. The connection has been closed. ClientConnectionId:".)
...
Caused by: java.sql.SQLException: Cannot create PoolableConnectionFactory (The driver could not establish a secure connection to SQL Server by using Secure Sockets Layer (SSL) encryption. Error: "SQL Server did not return a response. The connection has been closed. ClientConnectionId:".)
...
Caused by: com.microsoft.sqlserver.jdbc.SQLServerException: The driver could not establish a secure connection to SQL Server by using Secure Sockets Layer (SSL) encryption. Error: "SQL Server did not return a response. The connection has been closed. ClientConnectionId:".
...
Caused by: java.io.IOException: SQL Server did not return a response. The connection has been closed. ClientConnectionId:

Cause

A recent Oracle JDK patch has added 3DES in the list of legacy algorithms. Given that Windows Server 2003 supports 3DES by default, this will cause calls to the data source to fail.

Action

Update the OS that hosts the data source to a Microsoft supported version.

Workaround

As per the Oracle JDK documentation, remove 3DES from the list of legacy algorithms on the server hosting the Appian application:

On JDK 8 and earlier, edit the <java-home>/lib/security/java.security file and remove 3DES_EDE_CBC from the jdk.tls.legacyAlgorithms security property.

This article applies to all versions of Appian using a SQL Server data source hosted on a Windows Server 2003 Operating System.

Last Reviewed: August 2018

Tags: sql server, database, windows, infrastructure

DRAFT KB-XXXX SSL Error when validating a SQL Server data source on Windows Server 2003

Jordan Horwat — Wed, 29 Aug 2018 14:06:58 GMT

Revision 14 posted to Appian Knowledge Base by Jordan Horwat on 8/29/2018 2:06:58 PM

Symptoms

When attempting to validate a SQL Server data source hosted on a Windows Server 2003 Operating System, the process will fail with the following error in the application server log:

com.appiancorp.rdbms.datasource.DataSourceValidationException: java.sql.SQLException: Cannot create PoolableConnectionFactory (The driver could not establish a secure connection to SQL Server by using Secure Sockets Layer (SSL) encryption. Error: "SQL Server did not return a response. The connection has been closed. ClientConnectionId:".)
...
Caused by: java.sql.SQLException: Cannot create PoolableConnectionFactory (The driver could not establish a secure connection to SQL Server by using Secure Sockets Layer (SSL) encryption. Error: "SQL Server did not return a response. The connection has been closed. ClientConnectionId:".)
...
Caused by: com.microsoft.sqlserver.jdbc.SQLServerException: The driver could not establish a secure connection to SQL Server by using Secure Sockets Layer (SSL) encryption. Error: "SQL Server did not return a response. The connection has been closed. ClientConnectionId:".
...
Caused by: java.io.IOException: SQL Server did not return a response. The connection has been closed. ClientConnectionId:

Cause

A recent Oracle JDK patch has added 3DES in the list of legacy algorithms. Given that Windows Server 2003 supports 3DES by default, this will cause calls to the data source to fail.

Action

Update the OS that hosts the data source to a Microsoft supported version.

Workaround

As per the Oracle JDK documentation, remove 3DES from the list of legacy algorithms on the server hosting the Appian application:

On JDK 8 and earlier, edit the java.security file under <java-home>/lib/security/ and remove 3DES_EDE_CBC from the jdk.tls.legacyAlgorithms security property.

For example, if the current value is:

    jdk.tls.legacyAlgorithms= \
        K_NULL, C_NULL, M_NULL, \
        DHE_DSS_EXPORT, DHE_RSA_EXPORT, DH_anon_EXPORT, DH_DSS_EXPORT, \
        DH_RSA_EXPORT, RSA_EXPORT, \
        DH_anon, ECDH_anon, \
        RC4_128, RC4_40, DES_CBC, DES40_CBC, \
        3DES_EDE_CBC

The new value after removing 3DES_EDE_CBC would be:

    jdk.tls.legacyAlgorithms= \
        K_NULL, C_NULL, M_NULL, \
        DHE_DSS_EXPORT, DHE_RSA_EXPORT, DH_anon_EXPORT, DH_DSS_EXPORT, \
        DH_RSA_EXPORT, RSA_EXPORT, \
        DH_anon, ECDH_anon, \
        RC4_128, RC4_40, DES_CBC, DES40_CBC

Note that this is a low-risk change.  It is unlikely to cause a regression since it just affects the order of the negotiated algorithms.  3DES would still be used, if listed on the legacy algorithm list, if no other non-legacy algorithm is available.

Affected Versions

This article applies to all versions of Appian using a SQL Server data source hosted on a Windows Server 2003 Operating System.

Last Reviewed: August 2018

Tags: sql server, database, windows, infrastructure

DRAFT KB-XXXX SSL Error when validating a SQL Server data source on Windows Server 2003

Jordan Horwat — Wed, 29 Aug 2018 14:05:52 GMT

Revision 13 posted to Appian Knowledge Base by Jordan Horwat on 8/29/2018 2:05:52 PM

Symptoms

When attempting to validate a SQL Server data source hosted on a Windows Server 2003 Operating System, the process will fail with the following error in the application server log:

com.appiancorp.rdbms.datasource.DataSourceValidationException: java.sql.SQLException: Cannot create PoolableConnectionFactory (The driver could not establish a secure connection to SQL Server by using Secure Sockets Layer (SSL) encryption. Error: "SQL Server did not return a response. The connection has been closed. ClientConnectionId:".)
...
Caused by: java.sql.SQLException: Cannot create PoolableConnectionFactory (The driver could not establish a secure connection to SQL Server by using Secure Sockets Layer (SSL) encryption. Error: "SQL Server did not return a response. The connection has been closed. ClientConnectionId:".)
...
Caused by: com.microsoft.sqlserver.jdbc.SQLServerException: The driver could not establish a secure connection to SQL Server by using Secure Sockets Layer (SSL) encryption. Error: "SQL Server did not return a response. The connection has been closed. ClientConnectionId:".
...
Caused by: java.io.IOException: SQL Server did not return a response. The connection has been closed. ClientConnectionId:

Cause

A recent Oracle JDK patch has added 3DES in the list of legacy algorithms. Given that Windows Server 2003 supports 3DES by default, this will cause calls to the data source to fail.

Action

Update the OS that hosts the data source to a Microsoft supported version.

Workaround

As per the Oracle JDK documentation, remove 3DES from the list of legacy algorithms on the server hosting the Appian application:

On JDK 8 and earlier, edit the java.security file under <java-home>/lib/security/ and remove 3DES_EDE_CBC from the jdk.tls.legacyAlgorithms security property.

For example, if the current value is:

    jdk.tls.legacyAlgorithms= \
        K_NULL, C_NULL, M_NULL, \
        DHE_DSS_EXPORT, DHE_RSA_EXPORT, DH_anon_EXPORT, DH_DSS_EXPORT, \
        DH_RSA_EXPORT, RSA_EXPORT, \
        DH_anon, ECDH_anon, \
        RC4_128, RC4_40, DES_CBC, DES40_CBC, \
        3DES_EDE_CBC

The new value after removing 3DES_EDE_CBC would be:

    jdk.tls.legacyAlgorithms= \
        K_NULL, C_NULL, M_NULL, \
        DHE_DSS_EXPORT, DHE_RSA_EXPORT, DH_anon_EXPORT, DH_DSS_EXPORT, \
        DH_RSA_EXPORT, RSA_EXPORT, \
        DH_anon, ECDH_anon, \
        RC4_128, RC4_40, DES_CBC, DES40_CBC

Note that this is a low-risk change.  It is unlikely to cause a regression since it just affects the order of the negotiated algorithms.  3DES would still be used, if listed on the legacy algorithm list, if no other non-legacy algorithm is available.

Affected Versions

This article applies to all versions of Appian using a SQL Server data source hosted on a Windows Server 2003 Operating System.

Last Reviewed: August 2018

Tags: sql server, database, windows, infrastructure

DRAFT KB-XXXX SSL Error when validating a SQL Server data source on Windows Server 2003

Jordan Horwat — Wed, 29 Aug 2018 14:04:12 GMT

Revision 12 posted to Appian Knowledge Base by Jordan Horwat on 8/29/2018 2:04:12 PM

Symptoms

When attempting to validate a SQL Server data source hosted on a Windows Server 2003 Operating System, the process will fail with the following error in the application server log:

com.appiancorp.rdbms.datasource.DataSourceValidationException: java.sql.SQLException: Cannot create PoolableConnectionFactory (The driver could not establish a secure connection to SQL Server by using Secure Sockets Layer (SSL) encryption. Error: "SQL Server did not return a response. The connection has been closed. ClientConnectionId:".)
...
Caused by: java.sql.SQLException: Cannot create PoolableConnectionFactory (The driver could not establish a secure connection to SQL Server by using Secure Sockets Layer (SSL) encryption. Error: "SQL Server did not return a response. The connection has been closed. ClientConnectionId:".)
...
Caused by: com.microsoft.sqlserver.jdbc.SQLServerException: The driver could not establish a secure connection to SQL Server by using Secure Sockets Layer (SSL) encryption. Error: "SQL Server did not return a response. The connection has been closed. ClientConnectionId:".
...
Caused by: java.io.IOException: SQL Server did not return a response. The connection has been closed. ClientConnectionId:

Cause

A recent Oracle JDK patch has added 3DES in the list of legacy algorithms. Given that Windows Server 2003 supports 3DES by default, this will cause calls to the data source to fail.

Action

Update the OS that hosts the data source to a Microsoft supported version.

Workaround

As per the Oracle JDK documentation, remove 3DES from the list of legacy algorithms on the server hosting the Appian application:

On JDK 8 and earlier, edit the java.security file under <java-home>/lib/security/ and remove 3DES_EDE_CBC from the jdk.tls.legacyAlgorithms security property.

For example, if the current value is:

    jdk.tls.legacyAlgorithms= \
        K_NULL, C_NULL, M_NULL, \
        DHE_DSS_EXPORT, DHE_RSA_EXPORT, DH_anon_EXPORT, DH_DSS_EXPORT, \
        DH_RSA_EXPORT, RSA_EXPORT, \
        DH_anon, ECDH_anon, \
        RC4_128, RC4_40, DES_CBC, DES40_CBC, \
        3DES_EDE_CBC

The new value after removing 3DES_EDE_CBC would be:

    jdk.tls.legacyAlgorithms= \
        K_NULL, C_NULL, M_NULL, \
        DHE_DSS_EXPORT, DHE_RSA_EXPORT, DH_anon_EXPORT, DH_DSS_EXPORT, \
        DH_RSA_EXPORT, RSA_EXPORT, \
        DH_anon, ECDH_anon, \
        RC4_128, RC4_40, DES_CBC, DES40_CBC

Note that this is a low-risk change.  It is unlikely to cause a regression since it just affects the order of the negotiated algorithms.  3DES would still be used, if listed on the legacy algorithm list, if no other non-legacy algorithm is available.

Affected Versions

This article applies to all versions of Appian using a SQL Server data source hosted on a Windows Server 2003 Operating System.

Last Reviewed: August 2018

Tags: sql server, database, windows, infrastructure

DRAFT KB-XXXX SSL Error when validating a SQL Server data source on Windows Server 2003

Jordan Horwat — Wed, 29 Aug 2018 14:03:37 GMT

Revision 11 posted to Appian Knowledge Base by Jordan Horwat on 8/29/2018 2:03:37 PM

Symptoms

When attempting to validate a SQL Server data source hosted on a Windows Server 2003 Operating System, the process will fail with the following error in the application server log:

com.appiancorp.rdbms.datasource.DataSourceValidationException: java.sql.SQLException: Cannot create PoolableConnectionFactory (The driver could not establish a secure connection to SQL Server by using Secure Sockets Layer (SSL) encryption. Error: "SQL Server did not return a response. The connection has been closed. ClientConnectionId:".)
...
Caused by: java.sql.SQLException: Cannot create PoolableConnectionFactory (The driver could not establish a secure connection to SQL Server by using Secure Sockets Layer (SSL) encryption. Error: "SQL Server did not return a response. The connection has been closed. ClientConnectionId:".)
...
Caused by: com.microsoft.sqlserver.jdbc.SQLServerException: The driver could not establish a secure connection to SQL Server by using Secure Sockets Layer (SSL) encryption. Error: "SQL Server did not return a response. The connection has been closed. ClientConnectionId:".
...
Caused by: java.io.IOException: SQL Server did not return a response. The connection has been closed. ClientConnectionId:

Cause

A recent Oracle JDK patch has added 3DES in the list of legacy algorithms. Given that Windows Server 2003 supports 3DES by default, this will cause calls to the data source to fail.

Action

Update the OS that hosts the data source to a Microsoft supported version.

Workaround

As per the Oracle JDK documentation, remove 3DES from the list of legacy algorithms on the server hosting the Appian application:

On JDK 8 and earlier, edit the java.security file under <java-home>/lib/security/ and remove 3DES_EDE_CBC from the jdk.tls.legacyAlgorithms security property.

For example, if the current value is:

    jdk.tls.legacyAlgorithms= \
        K_NULL, C_NULL, M_NULL, \
        DHE_DSS_EXPORT, DHE_RSA_EXPORT, DH_anon_EXPORT, DH_DSS_EXPORT, \
        DH_RSA_EXPORT, RSA_EXPORT, \
        DH_anon, ECDH_anon, \
        RC4_128, RC4_40, DES_CBC, DES40_CBC, \
        3DES_EDE_CBC

The new value after removing 3DES_EDE_CBC would be:

    jdk.tls.legacyAlgorithms= \
        K_NULL, C_NULL, M_NULL, \
        DHE_DSS_EXPORT, DHE_RSA_EXPORT, DH_anon_EXPORT, DH_DSS_EXPORT, \
        DH_RSA_EXPORT, RSA_EXPORT, \
        DH_anon, ECDH_anon, \
        RC4_128, RC4_40, DES_CBC, DES40_CBC

Note that this is a low-risk change.  It is unlikely to cause a regression since it just affects the order of the negotiated algorithms.  3DES would still be used, if listed on the legacy algorithm list, if no other non-legacy algorithm is available.

Affected Versions

This article applies to all versions of Appian using a SQL Server data source hosted on a Windows Server 2003 Operating System.

Last Reviewed: August 2018

Tags: sql server, database, windows, infrastructure

DRAFT KB-XXXX SSL Error when validating a SQL Server data source on Windows Server 2003

Jordan Horwat — Wed, 29 Aug 2018 14:03:19 GMT

Revision 10 posted to Appian Knowledge Base by Jordan Horwat on 8/29/2018 2:03:19 PM

Symptoms

When attempting to validate a SQL Server data source hosted on a Windows Server 2003 Operating System, the process will fail with the following error in the application server log:

com.appiancorp.rdbms.datasource.DataSourceValidationException: java.sql.SQLException: Cannot create PoolableConnectionFactory (The driver could not establish a secure connection to SQL Server by using Secure Sockets Layer (SSL) encryption. Error: "SQL Server did not return a response. The connection has been closed. ClientConnectionId:".)
...
Caused by: java.sql.SQLException: Cannot create PoolableConnectionFactory (The driver could not establish a secure connection to SQL Server by using Secure Sockets Layer (SSL) encryption. Error: "SQL Server did not return a response. The connection has been closed. ClientConnectionId:".)
...
Caused by: com.microsoft.sqlserver.jdbc.SQLServerException: The driver could not establish a secure connection to SQL Server by using Secure Sockets Layer (SSL) encryption. Error: "SQL Server did not return a response. The connection has been closed. ClientConnectionId:".
...
Caused by: java.io.IOException: SQL Server did not return a response. The connection has been closed. ClientConnectionId:

Cause

A recent Oracle JDK patch has added 3DES in the list of legacy algorithms. Given that Windows Server 2003 supports 3DES by default, this will cause calls to the data source to fail.

Action

Update the OS that hosts the data source to a Microsoft supported version.

Workaround

As per the Oracle JDK documentation, remove 3DES from the list of legacy algorithms on the server hosting the Appian application:

On JDK 8 and earlier, edit the java.security file under <java-home>/lib/security/ and remove 3DES_EDE_CBC from the jdk.tls.legacyAlgorithms security property.

For example, if the current value is:

    jdk.tls.legacyAlgorithms= \
        K_NULL, C_NULL, M_NULL, \
        DHE_DSS_EXPORT, DHE_RSA_EXPORT, DH_anon_EXPORT, DH_DSS_EXPORT, \
        DH_RSA_EXPORT, RSA_EXPORT, \
        DH_anon, ECDH_anon, \
        RC4_128, RC4_40, DES_CBC, DES40_CBC, \
        3DES_EDE_CBC

The new value after removing 3DES_EDE_CBC would be:

    jdk.tls.legacyAlgorithms= \
        K_NULL, C_NULL, M_NULL, \
        DHE_DSS_EXPORT, DHE_RSA_EXPORT, DH_anon_EXPORT, DH_DSS_EXPORT, \
        DH_RSA_EXPORT, RSA_EXPORT, \
        DH_anon, ECDH_anon, \
        RC4_128, RC4_40, DES_CBC, DES40_CBC

Note that this is a low-risk change.  It is unlikely to cause a regression since it just affects the order of the negotiated algorithms.  3DES would still be used, if listed on the legacy algorithm list, if no other non-legacy algorithm is available.

Affected Versions

This article applies to all versions of Appian using a SQL Server data source hosted on a Windows Server 2003 Operating System.

Last Reviewed: August 2018

Tags: sql server, database, windows, infrastructure

DRAFT KB-XXXX SSL Error when validating a SQL Server data source on Windows Server 2003

Khalil Ben Naceur — Wed, 29 Aug 2018 13:27:58 GMT

Revision 9 posted to Appian Knowledge Base by Khalil Ben Naceur on 8/29/2018 1:27:58 PM

Symptoms

When attempting to validate a SQL Server data source hosted on a Windows Server 2003 Operating System, the process will fail with the following error in the application server log:

com.appiancorp.rdbms.datasource.DataSourceValidationException: java.sql.SQLException: Cannot create PoolableConnectionFactory (The driver could not establish a secure connection to SQL Server by using Secure Sockets Layer (SSL) encryption. Error: "SQL Server did not return a response. The connection has been closed. ClientConnectionId:".)
...
Caused by: java.sql.SQLException: Cannot create PoolableConnectionFactory (The driver could not establish a secure connection to SQL Server by using Secure Sockets Layer (SSL) encryption. Error: "SQL Server did not return a response. The connection has been closed. ClientConnectionId:".)
...
Caused by: com.microsoft.sqlserver.jdbc.SQLServerException: The driver could not establish a secure connection to SQL Server by using Secure Sockets Layer (SSL) encryption. Error: "SQL Server did not return a response. The connection has been closed. ClientConnectionId:".
...
Caused by: java.io.IOException: SQL Server did not return a response. The connection has been closed. ClientConnectionId:

Cause

A recent Oracle JDK patch has added 3DES in the list of legacy algorithms. Given that Windows Server 2003 supports 3DES by default, this will cause calls to the data source to fail.

Action

Update the OS that hosts the data source to a Microsoft supported version.

Workaround

As per the Oracle JDK documentation, remove 3DES from the list of legacy algorithms on the server hosting the Appian application:

On JDK 8 and earlier, edit the java.security file under <java-home>/lib/security/ and remove 3DES_EDE_CBC from the jdk.tls.legacyAlgorithms security property.

For example, if the current value is:

jdk.tls.legacyAlgorithms= \ K_NULL, C_NULL, M_NULL, \ DHE_DSS_EXPORT, DHE_RSA_EXPORT, DH_anon_EXPORT, DH_DSS_EXPORT, \ DH_RSA_EXPORT, RSA_EXPORT, \ DH_anon, ECDH_anon, \ RC4_128, RC4_40, DES_CBC, DES40_CBC, \ 3DES_EDE_CBC
The new value after removing 3DES_EDE_CBC would be:

jdk.tls.legacyAlgorithms= \ K_NULL, C_NULL, M_NULL, \ DHE_DSS_EXPORT, DHE_RSA_EXPORT, DH_anon_EXPORT, DH_DSS_EXPORT, \ DH_RSA_EXPORT, RSA_EXPORT, \ DH_anon, ECDH_anon, \ RC4_128, RC4_40, DES_CBC, DES40_CBC
Note that this is a low-risk change. It is unlikely to cause a regression since it just affects the order of the negotiated algorithms. 3DES would still be used, if listed on the legacy algorithm list, if no other non-legacy algorithm is available.

Affected Versions

This article applies to all versions of Appian using a SQL Server data source hosted on a Windows Server 2003 Operating System.

Last Reviewed: August 2018

Tags: sql server, database, windows, infrastructure

DRAFT KB-XXXX SSL Error when validating a SQL Server data source on Windows Server 2003

Jordan Horwat — Wed, 29 Aug 2018 13:27:19 GMT

Revision 8 posted to Appian Knowledge Base by Jordan Horwat on 8/29/2018 1:27:19 PM

Symptoms

When attempting to validate a SQL Server data source hosted on a Windows Server 2003 Operating System, the process will fail with the following error in the application server log:

com.appiancorp.rdbms.datasource.DataSourceValidationException: java.sql.SQLException: Cannot create PoolableConnectionFactory (The driver could not establish a secure connection to SQL Server by using Secure Sockets Layer (SSL) encryption. Error: "SQL Server did not return a response. The connection has been closed. ClientConnectionId:".)
...
Caused by: java.sql.SQLException: Cannot create PoolableConnectionFactory (The driver could not establish a secure connection to SQL Server by using Secure Sockets Layer (SSL) encryption. Error: "SQL Server did not return a response. The connection has been closed. ClientConnectionId:".)
...
Caused by: com.microsoft.sqlserver.jdbc.SQLServerException: The driver could not establish a secure connection to SQL Server by using Secure Sockets Layer (SSL) encryption. Error: "SQL Server did not return a response. The connection has been closed. ClientConnectionId:".
...
Caused by: java.io.IOException: SQL Server did not return a response. The connection has been closed. ClientConnectionId:

Cause

A recent Oracle JDK patch has added 3DES in the list of legacy algorithms. Given that Windows Server 2003 supports 3DES by default, this will cause calls to the data source to fail.

Action

Update the OS that hosts the data source to a Microsoft supported version.

Workaround

As per the Oracle JDK documentation, remove 3DES from the list of legacy algorithms on the server hosting the Appian application:

On JDK 8 and earlier, edit the java.security file under <java-home>/lib/security/ and remove 3DES_EDE_CBC from the jdk.tls.legacyAlgorithms security property.

For example, if the current value is:

jdk.tls.legacyAlgorithms= \ K_NULL, C_NULL, M_NULL, \ DHE_DSS_EXPORT, DHE_RSA_EXPORT, DH_anon_EXPORT, DH_DSS_EXPORT, \ DH_RSA_EXPORT, RSA_EXPORT, \ DH_anon, ECDH_anon, \ RC4_128, RC4_40, DES_CBC, DES40_CBC, \ 3DES_EDE_CBC
The new value after removing 3DES_EDE_CBC would be:

jdk.tls.legacyAlgorithms= \ K_NULL, C_NULL, M_NULL, \ DHE_DSS_EXPORT, DHE_RSA_EXPORT, DH_anon_EXPORT, DH_DSS_EXPORT, \ DH_RSA_EXPORT, RSA_EXPORT, \ DH_anon, ECDH_anon, \ RC4_128, RC4_40, DES_CBC, DES40_CBC
Note that this is a low-risk change. It is unlikely to cause a regression since it just affects the order of the negotiated algorithms. 3DES would still be used, if listed on the legacy algorithm list, if no other non-legacy algorithm is available.

Affected Versions

This article applies to all versions of Appian using a SQL Server data source hosted on a Windows Server 2003 Operating System.

Last Reviewed: August 2018

Tags: sql server, database, windows

SSL Error when validating a SQL Server data source on Windows Server 2003

Khalil Ben Naceur — Wed, 29 Aug 2018 13:25:10 GMT

Revision 7 posted to Appian Knowledge Base by Khalil Ben Naceur on 8/29/2018 1:25:10 PM

Symptoms

When attempting to validate a SQL Server data source hosted on a Windows Server 2003 Operating System, the process will fail with the following error in the application server log:

com.appiancorp.rdbms.datasource.DataSourceValidationException: java.sql.SQLException: Cannot create PoolableConnectionFactory (The driver could not establish a secure connection to SQL Server by using Secure Sockets Layer (SSL) encryption. Error: "SQL Server did not return a response. The connection has been closed. ClientConnectionId:".)
...
Caused by: java.sql.SQLException: Cannot create PoolableConnectionFactory (The driver could not establish a secure connection to SQL Server by using Secure Sockets Layer (SSL) encryption. Error: "SQL Server did not return a response. The connection has been closed. ClientConnectionId:".)
...
Caused by: com.microsoft.sqlserver.jdbc.SQLServerException: The driver could not establish a secure connection to SQL Server by using Secure Sockets Layer (SSL) encryption. Error: "SQL Server did not return a response. The connection has been closed. ClientConnectionId:".
...
Caused by: java.io.IOException: SQL Server did not return a response. The connection has been closed. ClientConnectionId:

Cause

A recent Oracle JDK patch has added 3DES in the list of legacy algorithms. Given that Windows Server 2003 supports 3DES by default, this will cause calls to the data source to fail.

Action

Update the OS that hosts the data source to a Microsoft supported version.

Workaround

As per the Oracle JDK documentation, remove 3DES from the list of legacy algorithms on the server hosting the Appian application:

On JDK 8 and earlier, edit the java.security file under <java-home>/lib/security/ and remove 3DES_EDE_CBC from the jdk.tls.legacyAlgorithms security property.

For example, if the current value is:

jdk.tls.legacyAlgorithms= \ K_NULL, C_NULL, M_NULL, \ DHE_DSS_EXPORT, DHE_RSA_EXPORT, DH_anon_EXPORT, DH_DSS_EXPORT, \ DH_RSA_EXPORT, RSA_EXPORT, \ DH_anon, ECDH_anon, \ RC4_128, RC4_40, DES_CBC, DES40_CBC, \ 3DES_EDE_CBC
The new value after removing 3DES_EDE_CBC would be:

jdk.tls.legacyAlgorithms= \ K_NULL, C_NULL, M_NULL, \ DHE_DSS_EXPORT, DHE_RSA_EXPORT, DH_anon_EXPORT, DH_DSS_EXPORT, \ DH_RSA_EXPORT, RSA_EXPORT, \ DH_anon, ECDH_anon, \ RC4_128, RC4_40, DES_CBC, DES40_CBC
Note that this is a low-risk change. It is unlikely to cause a regression since it just affects the order of the negotiated algorithms. 3DES would still be used, if listed on the legacy algorithm list, if no other non-legacy algorithm is available.

Affected Versions

This article applies to all versions of Appian using a SQL Server data source hosted on a Windows Server 2003 Operating System.

Last Reviewed: August 2018

Tags: sql server, database, windows

SSL Error when validating a SQL Server data source on Windows Server 2003

Khalil Ben Naceur — Wed, 29 Aug 2018 13:18:57 GMT

Revision 6 posted to Appian Knowledge Base by Khalil Ben Naceur on 8/29/2018 1:18:57 PM

Symptoms

When attempting to validate a SQL Server data source hosted on a Windows Server 2003 Operating System, the process will fail with the following error in the application server log:

com.appiancorp.rdbms.datasource.DataSourceValidationException: java.sql.SQLException: Cannot create PoolableConnectionFactory (The driver could not establish a secure connection to SQL Server by using Secure Sockets Layer (SSL) encryption. Error: "SQL Server did not return a response. The connection has been closed. ClientConnectionId:".)
...
Caused by: java.sql.SQLException: Cannot create PoolableConnectionFactory (The driver could not establish a secure connection to SQL Server by using Secure Sockets Layer (SSL) encryption. Error: "SQL Server did not return a response. The connection has been closed. ClientConnectionId:".)
...
Caused by: com.microsoft.sqlserver.jdbc.SQLServerException: The driver could not establish a secure connection to SQL Server by using Secure Sockets Layer (SSL) encryption. Error: "SQL Server did not return a response. The connection has been closed. ClientConnectionId:".
...
Caused by: java.io.IOException: SQL Server did not return a response. The connection has been closed. ClientConnectionId:

Cause

A recent Oracle JDK patch has added 3DES in the list of legacy algorithms. Given that Windows Server 2003 supports 3DES by default, this will cause calls to the data source to fail.

Action

Update the OS that hosts the data source to a Microsoft supported version.

Workaround

As per the Oracle JDK documentation, remove 3DES from the list of legacy algorithms on the server hosting the Appian application:

On JDK 8 and earlier, edit the java.security file under <java-home>/lib/security/ and remove 3DES_EDE_CBC from the jdk.tls.legacyAlgorithms security property.

Affected Versions

This article applies to all versions of Appian using a SQL Server data source hosted on a Windows Server 2003 Operating System.

Last Reviewed: August 2018

Tags: sql server, database, windows

SSL Error when validating a SQL Server data source on Windows Server 2003

Khalil Ben Naceur — Wed, 29 Aug 2018 13:18:48 GMT

Revision 5 posted to Appian Knowledge Base by Khalil Ben Naceur on 8/29/2018 1:18:48 PM

Symptoms

When attempting to validate a SQL Server data source hosted on a Windows Server 2003 Operating System, the process will fail with the following error in the application server log:

com.appiancorp.rdbms.datasource.DataSourceValidationException: java.sql.SQLException: Cannot create PoolableConnectionFactory (The driver could not establish a secure connection to SQL Server by using Secure Sockets Layer (SSL) encryption. Error: "SQL Server did not return a response. The connection has been closed. ClientConnectionId:".)
...
Caused by: java.sql.SQLException: Cannot create PoolableConnectionFactory (The driver could not establish a secure connection to SQL Server by using Secure Sockets Layer (SSL) encryption. Error: "SQL Server did not return a response. The connection has been closed. ClientConnectionId:".)
...
Caused by: com.microsoft.sqlserver.jdbc.SQLServerException: The driver could not establish a secure connection to SQL Server by using Secure Sockets Layer (SSL) encryption. Error: "SQL Server did not return a response. The connection has been closed. ClientConnectionId:".
...
Caused by: java.io.IOException: SQL Server did not return a response. The connection has been closed. ClientConnectionId:

Cause

A recent Oracle JDK patch has added 3DES in the list of legacy algorithms. Given that Windows Server 2003 supports 3DES by default, this will cause calls to the data source to fail.

Action

Update the OS that hosts the data source to a Microsoft supported version.

Workaround

As per the Oracle JDK documentation, remove 3DES from the list of legacy algorithms on the server hosting the Appian application:

On JDK 8 and earlier, edit the java.security file under <java-home>/lib/security/ and remove 3DES_EDE_CBC from the jdk.tls.legacyAlgorithms security property.

Affected Versions

This article applies to all versions of Appian using a SQL Server data source hosted on a Windows Server 2003 Operating System.

Last Reviewed: August 2018

Tags: sql server, database, windows

SSL Error when validating a SQL Server data source on Windows Server 2003

Khalil Ben Naceur — Wed, 29 Aug 2018 13:10:30 GMT

Revision 4 posted to Appian Knowledge Base by Khalil Ben Naceur on 8/29/2018 1:10:30 PM

Symptoms

When attempting to validate a SQL Server data source hosted on a Windows Server 2003 Operating System, the process will fail with the following error in the application server log:

com.appiancorp.rdbms.datasource.DataSourceValidationException: java.sql.SQLException: Cannot create PoolableConnectionFactory (The driver could not establish a secure connection to SQL Server by using Secure Sockets Layer (SSL) encryption. Error: "SQL Server did not return a response. The connection has been closed. ClientConnectionId:".)
...
Caused by: java.sql.SQLException: Cannot create PoolableConnectionFactory (The driver could not establish a secure connection to SQL Server by using Secure Sockets Layer (SSL) encryption. Error: "SQL Server did not return a response. The connection has been closed. ClientConnectionId:".)
...
Caused by: com.microsoft.sqlserver.jdbc.SQLServerException: The driver could not establish a secure connection to SQL Server by using Secure Sockets Layer (SSL) encryption. Error: "SQL Server did not return a response. The connection has been closed. ClientConnectionId:".
...
Caused by: java.io.IOException: SQL Server did not return a response. The connection has been closed. ClientConnectionId:

Cause

A recent Oracle JDK patch has added 3DES in the list of legacy algorithms. Given that Windows Server 2003 supports 3DES by default, this will cause calls to the data source to fail.

Action

Update the OS that hosts the data source to a Microsoft supported version.

Workaround

As per the Oracle JDK documentation, remove 3DES from the list of legacy algorithms on the server hosting the Appian application:

On JDK 8 and earlier, edit the java.security file under <java-home>/lib/security/ and remove 3DES_EDE_CBC from the jdk.tls.legacyAlgorithms security property.

For example, if the current value is:

jdk.tls.legacyAlgorithms= \ K_NULL, C_NULL, M_NULL, \ DHE_DSS_EXPORT, DHE_RSA_EXPORT, DH_anon_EXPORT, DH_DSS_EXPORT, \ DH_RSA_EXPORT, RSA_EXPORT, \ DH_anon, ECDH_anon, \ RC4_128, RC4_40, DES_CBC, DES40_CBC, \ 3DES_EDE_CBC
The new value after removing 3DES_EDE_CBC would be:

jdk.tls.legacyAlgorithms= \ K_NULL, C_NULL, M_NULL, \ DHE_DSS_EXPORT, DHE_RSA_EXPORT, DH_anon_EXPORT, DH_DSS_EXPORT, \ DH_RSA_EXPORT, RSA_EXPORT, \ DH_anon, ECDH_anon, \ RC4_128, RC4_40, DES_CBC, DES40_CBC
Note that this is a low-risk change. It is unlikely to cause a regression since it just affects the order of the negotiated algorithms. 3DES would still be used, if listed on the legacy algorithm list, if no other non-legacy algorithm is available.

Affected Versions

This article applies to all versions of Appian using a SQL Server data source hosted on a Windows Server 2003 Operating System.

Tags: sql server, database, windows

SSL Error when validating a SQL Server data source on Windows Server 2003

Khalil Ben Naceur — Wed, 29 Aug 2018 12:48:17 GMT

Revision 3 posted to Appian Knowledge Base by Khalil Ben Naceur on 8/29/2018 12:48:17 PM

Symptoms

When attempting to validate a SQL Server data source hosted on a Windows Server 2003 Operating System, the process will fail with the following error in the application server log:

com.appiancorp.rdbms.datasource.DataSourceValidationException: java.sql.SQLException: Cannot create PoolableConnectionFactory (The driver could not establish a secure connection to SQL Server by using Secure Sockets Layer (SSL) encryption. Error: "SQL Server did not return a response. The connection has been closed. ClientConnectionId:".)

...

Caused by: java.sql.SQLException: Cannot create PoolableConnectionFactory (The driver could not establish a secure connection to SQL Server by using Secure Sockets Layer (SSL) encryption. Error: "SQL Server did not return a response. The connection has been closed. ClientConnectionId:".)

...

Caused by: com.microsoft.sqlserver.jdbc.SQLServerException: The driver could not establish a secure connection to SQL Server by using Secure Sockets Layer (SSL) encryption. Error: "SQL Server did not return a response. The connection has been closed. ClientConnectionId:".

...

Caused by: java.io.IOException: SQL Server did not return a response. The connection has been closed. ClientConnectionId:

Cause

A recent Oracle JDK patch has added 3DES in the list of legacy algorithms. Given that Windows Server 2003 supports 3DES by default, this will cause calls to the data source to fail.

Action

Update the OS that hosts the data source to a Microsoft supported version.

Workaround

As per the Oracle JDK documentation, remove 3DES from the list of legacy algorithms on the server hosting the Appian application:

On JDK 8 and earlier, edit the java.security file under <java-home>/lib/security/ and remove 3DES_EDE_CBC from the jdk.tls.legacyAlgorithms security property.

For example, if the current value is:

jdk.tls.legacyAlgorithms= \ K_NULL, C_NULL, M_NULL, \ DHE_DSS_EXPORT, DHE_RSA_EXPORT, DH_anon_EXPORT, DH_DSS_EXPORT, \ DH_RSA_EXPORT, RSA_EXPORT, \ DH_anon, ECDH_anon, \ RC4_128, RC4_40, DES_CBC, DES40_CBC, \ 3DES_EDE_CBC
The new value after removing 3DES_EDE_CBC would be:

jdk.tls.legacyAlgorithms= \ K_NULL, C_NULL, M_NULL, \ DHE_DSS_EXPORT, DHE_RSA_EXPORT, DH_anon_EXPORT, DH_DSS_EXPORT, \ DH_RSA_EXPORT, RSA_EXPORT, \ DH_anon, ECDH_anon, \ RC4_128, RC4_40, DES_CBC, DES40_CBC
Note that this is a low-risk change. It is unlikely to cause a regression since it just affects the order of the negotiated algorithms. 3DES would still be used, if listed on the legacy algorithm list, if no other non-legacy algorithm is available.

Affected Versions

This article applies to all versions of Appian using a SQL Server data source hosted on a Windows Server 2003 Operating System.

Tags: sql server, database, windows

SSL Error when validating a SQL Server data source on Windows Server 2003

Khalil Ben Naceur — Wed, 29 Aug 2018 12:46:32 GMT

Revision 2 posted to Appian Knowledge Base by Khalil Ben Naceur on 8/29/2018 12:46:32 PM

Symptoms

When attempting to validate a SQL Server data source hosted on a Windows Server 2003 Operating System, the process will fail with the following error in the application server log:

com.appiancorp.rdbms.datasource.DataSourceValidationException: java.sql.SQLException: Cannot create PoolableConnectionFactory (The driver could not establish a secure connection to SQL Server by using Secure Sockets Layer (SSL) encryption. Error: "SQL Server did not return a response. The connection has been closed. ClientConnectionId:".)

...

Caused by: java.sql.SQLException: Cannot create PoolableConnectionFactory (The driver could not establish a secure connection to SQL Server by using Secure Sockets Layer (SSL) encryption. Error: "SQL Server did not return a response. The connection has been closed. ClientConnectionId:".)

...

Caused by: com.microsoft.sqlserver.jdbc.SQLServerException: The driver could not establish a secure connection to SQL Server by using Secure Sockets Layer (SSL) encryption. Error: "SQL Server did not return a response. The connection has been closed. ClientConnectionId:".

...

Caused by: java.io.IOException: SQL Server did not return a response. The connection has been closed. ClientConnectionId:

Cause

A recent Oracle JDK patch has added 3DES in the list of legacy algorithms. Given that Windows Server 2003 supports 3DES by default, this will cause calls to the data source to fail.

Action

Update the OS that hosts the data source to a Microsoft supported version.

Workaround

As per the Oracle JDK documentation, remove 3DES from the list of legacy algorithms on the server hosting the Appian application:

On JDK 8 and earlier, edit the java.security file under <java-home>/lib/security/ and remove 3DES_EDE_CBC from the jdk.tls.legacyAlgorithms security property.

Affected Versions

This article applies to all versions of Appian using a SQL Server data source hosted on a Windows Server 2003 Operating System.

Tags: sql server, database, windows