Cannot Connect Confluence to MS SQL Server Using Force Encryption

お困りですか?

アトラシアン コミュニティをご利用ください。

コミュニティに質問

症状

During the initial setup of Confluence the database setup step will fail with the following error in the UI:



You will also see the following in the atlassian-confluence.log:

2014-05-05 11:36:42,440 WARN [com.mchange.v2.async.ThreadPoolAsynchronousRunner$PoolThread-#2] [mchange.v2.resourcepool.BasicResourcePool] run com.mchange.v2.resourcepool.BasicResourcePool$AcquireTask@716cb856 -- Acquisition Attempt Failed!!! Clearing pending acquires. While trying to acquire a needed new resource, we failed to succeed more than the maximum number of allowed acquisition attempts (30). Last acquisition attempt exception: 
java.sql.SQLException: I/O Error: DB server closed connection.
	at net.sourceforge.jtds.jdbc.TdsCore.nextToken(TdsCore.java:2307)
	at net.sourceforge.jtds.jdbc.TdsCore.login(TdsCore.java:602)
	at net.sourceforge.jtds.jdbc.ConnectionJDBC2.<init>(ConnectionJDBC2.java:344)
	at net.sourceforge.jtds.jdbc.ConnectionJDBC3.<init>(ConnectionJDBC3.java:50)
	at net.sourceforge.jtds.jdbc.Driver.connect(Driver.java:182)
	at com.mchange.v2.c3p0.DriverManagerDataSource.getConnection(DriverManagerDataSource.java:134)
	at com.mchange.v2.c3p0.WrapperConnectionPoolDataSource.getPooledConnection(WrapperConnectionPoolDataSource.java:182)
	at com.mchange.v2.c3p0.WrapperConnectionPoolDataSource.getPooledConnection(WrapperConnectionPoolDataSource.java:171)
	at com.mchange.v2.c3p0.impl.C3P0PooledConnectionPool$1PooledConnectionResourcePoolManager.acquireResource(C3P0PooledConnectionPool.java:137)
	at com.mchange.v2.resourcepool.BasicResourcePool.doAcquire(BasicResourcePool.java:1014)
	at com.mchange.v2.resourcepool.BasicResourcePool.access$800(BasicResourcePool.java:32)
	at com.mchange.v2.resourcepool.BasicResourcePool$AcquireTask.run(BasicResourcePool.java:1810)
	at com.mchange.v2.async.ThreadPoolAsynchronousRunner$PoolThread.run(ThreadPoolAsynchronousRunner.java:547)
Caused by: java.io.IOException: DB server closed connection.
	at net.sourceforge.jtds.jdbc.SharedSocket.readPacket(SharedSocket.java:843)
	at net.sourceforge.jtds.jdbc.SharedSocket.getNetPacket(SharedSocket.java:722)
	at net.sourceforge.jtds.jdbc.ResponseStream.getPacket(ResponseStream.java:466)
	at net.sourceforge.jtds.jdbc.ResponseStream.read(ResponseStream.java:103)
	at net.sourceforge.jtds.jdbc.TdsCore.nextToken(TdsCore.java:2202)

原因

Oracle introduced a security fix for the SSL/TLS BEAST attack that is known to interfere with Microsoft JDBC/jTDS connections.  Confluence is unable to acquire a connection against MS SQL Server.

Official Bug Report:

https://bugs.openjdk.java.net/browse/JDK-8014272

ソリューション

Attention

Atlassian applications allow the use of SSL within our products, however Atlassian Support does not provide assistance for configuring it. Consequently, Atlassian can not guarantee providing any support for it.

  • SSL証明書の変更に際してサポートが必要であれば、証明書の提供元のベンダーに相談してください。
  • 設定でサポートが必要な場合、アトラシアン コミュニティに質問を登録してください。
  • To be able to connect to MS SQL you will have to disable the fix for the SSL/TLS BEAST attack, and hence, the DB server will be vulnerable to this type of attack.

The JTDS 1.3.1.jar driver embedded with Confluence contains a bug and does not allow connection to an encrypted MSSQL when using JAVA 1.8. See here for the bug details. You'll need to download the patched JTDS 1.3.1 driver file in order to connect to an SSL encrypted MSSQL database.

  1. Confluence を停止します。

  2. In your <Confluence Install>/bin open the setenv.bat file for windows or setenv.sh for linux.

  3. Search for CATALINA_OPTS (JAVA_OPTS for Confluence 5.5 or below) and include below parameter in the end of the line:

    パラメーター
    -Djsse.enableCBCProtection=false

    If you are starting Confluence as a windows service please follow this guide to add the parameter of step 3 instead of running step 2.

  4. Once you are done start Confluence.
  5. During Confluence installation add "?ssl=true" after the jdbc connection string, the URL will look similar to below one:

    jdbc:jtds:sqlserver://YourConfluenceServer:1433/YourConfluenceDatabase?ssl=true


    *Note that the "?" demarcates the end of the database name and the beginning of the database connection parameters. If you already have connection parameters, you will add a ";ssl=true" instead of "?ssl=true".

  6. Finish the initial setup.


tip/resting Created with Sketch.

For Crowd products, if the above workaround does not help, please try switching the bundled JTDS driver to MSSQL driver as described on:



最終更新日 2023 年 4 月 20 日

この内容はお役に立ちましたか?

はい
いいえ
この記事についてのフィードバックを送信する
Powered by Confluence and Scroll Viewport.