mssql-jdbc: The driver could not establish a secure connection to SQL Server by using Secure Sockets Layer (SSL) encryption. Error: "Unexpected rethrowing".

@peterbae Its the most simple one:

jdbc:sqlserver://WKS-DEV-23;encrypt=false;user=user;password=xxxxxx;applicationName=xxx;databaseName=XXXXX

by rapidly reloading data in my app I just got the exception again (even with encrypt=false which I just added).

Could you use connection property sslProtocol=TLSv1 to force the driver to use TLS 1.0 and let me know if you are still seeing failures? Your connection string would become jdbc:sqlserver://WKS-DEV-23;encrypt=false;user=user;password=xxxxxx;applicationName=xxx;databaseName=XXXXX;sslProtocol=TLSv1;

This is an older thread but I wanted to leave this here in case it helps somebody scouring the Internet…

I was getting this error in an AWS Lambda function and found it was caused by giving the function too little memory. I bumped it up from 128MB to 512MB (probably overkill) and it works now. “The driver could not establish a secure connection to SQL Server by using Secure Sockets Layer (SSL) encryption” was pretty misleading but it turned out to be too little memory.

We fixed this issue by enforcing sslProtocol=TLSv1.2; in our database connection string.

Currently I am getting this issue

com.microsoft.sqlserver.jdbc.SQLServerException: The driver could not establish a secure connection to SQL Server by using Secure Sockets Layer (SSL) encryption. Error: No appropriate protocol (protocol is disabled or cipher suites are inappropriate). at com.microsoft.sqlserver.jdbc.SQLServerConnection.terminate(SQLServerConnection.java:1509)

I am trying to connect to mssql server from java dynamic web project.Any help is appreciable

Hi @muhammedOzbilici , Please go through the closed issues, there might already be a solution provided for your problem.

@muhammedOzbilici I don’t think this is the same problem; Yours is “SQL Server did not return a response” which means something else (not sure what!)

But, is it not related to SSL ? If it’s not then, which configuration I have to check on Database side ?

Hi @martinm1000 ,

Thank you for testing the build. I created a PR, please feel free to review it.

Great, now we confirmed that you are seeing the failures because of intermittent TLS1.2 issues.

Please take a look at this article, which explains the cause of the issue (changes to Windows ciphers) and also possible resolution/workarounds.

I would also like to explain why the driver is unable to retry when there is a logic implemented for this. Intermittent TLS1.2 issue is “guessed” by the driver based on the error message from the server. See this line. For some reason, your JDK version wraps the actual and expected exception message SQL Server returned an incomplete response. The connection has been closed. into Unexpected rethrowing. Below is the stack trace of my application with Oracle JDK 11.0.1+13.

com.microsoft.sqlserver.jdbc.SQLServerException: The driver could not establish a secure connection to SQL Server by using Secure Sockets Layer (SSL) encryption. Error: "SQL Server returned an incomplete response. The connection has been closed.". ClientConnectionId:f155980e-207c-48c5-a2e4-804bdeb655b9
	at com.microsoft.sqlserver.jdbc.SQLServerConnection.terminate(SQLServerConnection.java:2825)
	at com.microsoft.sqlserver.jdbc.TDSChannel.enableSSL(IOBuffer.java:1812)
	at com.microsoft.sqlserver.jdbc.SQLServerConnection.connectHelper(SQLServerConnection.java:2391)
	at com.microsoft.sqlserver.jdbc.SQLServerConnection.login(SQLServerConnection.java:2042)
	at com.microsoft.sqlserver.jdbc.SQLServerConnection.connectInternal(SQLServerConnection.java:1889)
	at com.microsoft.sqlserver.jdbc.SQLServerConnection.connect(SQLServerConnection.java:1120)
	at com.microsoft.sqlserver.jdbc.SQLServerDriver.connect(SQLServerDriver.java:700)
	at java.sql/java.sql.DriverManager.getConnection(DriverManager.java:677)
	at java.sql/java.sql.DriverManager.getConnection(DriverManager.java:228)
	at Issue849.main(Issue849.java:14)
Caused by: javax.net.ssl.SSLProtocolException: SQL Server returned an incomplete response. The connection has been closed.
	at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:126)
	at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:321)
	at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:264)
	at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:259)
	at java.base/sun.security.ssl.SSLTransport.decode(SSLTransport.java:137)
	at java.base/sun.security.ssl.SSLSocketImpl.decode(SSLSocketImpl.java:1152)
	at java.base/sun.security.ssl.SSLSocketImpl.readHandshakeRecord(SSLSocketImpl.java:1063)
	at java.base/sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:402)
	at com.microsoft.sqlserver.jdbc.TDSChannel.enableSSL(IOBuffer.java:1741)
	... 8 more
Caused by: java.io.IOException: SQL Server returned an incomplete response. The connection has been closed.
	at com.microsoft.sqlserver.jdbc.TDSChannel$SSLHandshakeInputStream.ensureSSLPayload(IOBuffer.java:772)
	at com.microsoft.sqlserver.jdbc.TDSChannel$SSLHandshakeInputStream.readInternal(IOBuffer.java:821)
	at com.microsoft.sqlserver.jdbc.TDSChannel$SSLHandshakeInputStream.read(IOBuffer.java:814)
	at com.microsoft.sqlserver.jdbc.TDSChannel$ProxyInputStream.readInternal(IOBuffer.java:984)
	at com.microsoft.sqlserver.jdbc.TDSChannel$ProxyInputStream.read(IOBuffer.java:974)
	at java.base/sun.security.ssl.SSLSocketInputRecord.read(SSLSocketInputRecord.java:448)
	at java.base/sun.security.ssl.SSLSocketInputRecord.decode(SSLSocketInputRecord.java:165)
	at java.base/sun.security.ssl.SSLTransport.decode(SSLTransport.java:108)
	... 12 more

Notice how Caused by: javax.net.ssl.SSLProtocolException: SQL Server returned an incomplete response. The connection has been closed. is different from yours, hence the driver throws the exception without retrying.

Please let me know if you have any other questions.