TLS10 is not accepted by client preferences [TLS13, TLS12]

Daniel shared this question 5 months ago
Answered

Hello!

When I create a data source to a SQL Server DB, the following error occurs: javax.net.ssl.SSLHandshakeException: The server selected protocol version TLS10 is not accepted by client preferences [TLS13, TLS12]

I use Oracle's jdk 11

Thanks!

Comments (12)

photo
1

Hi Daniel,

Which particular version of Yellowfin are you running? e.g. 9.7.0.3.

It's possible it could also be the SQL Server which is running TLS 1.0 - are you able to check which version? Secondly, are you using the pre-existing SQL Server driver to connect to the database or have you added a new one?

The TLS1.0 protocol is deprecated and no longer supported as it is not considered secure.

Kind regards,

Chris

photo
1

Hello Chris

YF version is 9.7.0.3

In version 8.0.3 of YF it works correctly with the same connection parameters

I am using the default driver for SQL Server


Thanks!

photo
1

Hi Daniel,

Thanks for letting me know. Is your SQL Server accepting database connections using TLS 1.2 or TLS 1.3?

I believe TLS 1.0 support has been dropped.

Kind regards,

Chris

photo
1

Hello Chris

I don't know if it has stopped supporting TLS 1.0, it is an external database

But my question is: Why does Yellowfin version 8.0.3 work without problems?


Regards

photo
1

Hi Daniel,

I would start by trying to update your SQL Server database driver to a newer version.

Failing that, check the external database's parameters so that TLS1.2 and TLS1.3 are allowed.

Finally you can try removing TLSv1 and TLSv1.1 from the java.security file found in your Java path, e.g. C:\Program Files\Java\jdk-11.0.13\conf\security under the line starting with jdk.tls.disabledAlgorithms - however this is a security risk as mentioned. TLS 1 and 1.1 are no longer considered secure.

Let me know how you get on. The old version of Yellowfin likely works because TLS1.0 wasn't considered insecure when 8.0.3 was released.

Kind regards,

Chris

photo
1

Hello Chris

I would like to try updating the SQL Server driver before enabling TLS 1connections

How do I do it?

Greetings

photo
1

Hi Daniel,

You can download a driver from here: https://docs.microsoft.com/en-us/sql/connect/jdbc/download-microsoft-jdbc-driver-for-sql-server?view=sql-server-ver15

And then upload it via Yellowfin's Plugin Management screen. It should then let you select it when configuring the data source connection.

Kind regards,

Chris

photo
1

Hi Daniel,

Hope you're well.

Just checking in with you on this one, do you need any further help with this?

Kind regards,

Chris

photo
1

Hello Chris

Finally, the solution has been to enable TLS 1 as a secure protocol in java.security file

Greetings

photo
1

Hi Daniel,

That's great to hear!

I'm glad that worked out for you.

I'll go ahead and mark this as answered, but do let me know if you need any additional help on this one.

Kind regards,

Chris

photo
1

Hello Chris

You can close the topic

Thank you and greetings!