One of our production geoservers (2.5) went out of buissnes tonight after its
database server installed the security update
https://technet.microsoft.com/library/security/MS14-066.
The updated server run a sql server 2012 Geoserver connects to this database
from a linux machine trough the sql server and the app schema plugins.
We thought about setting the sql server in force encryption = false but it
seems that the plugin always uses encryption if available.
The logs were full of these reaccurent tries to reconnect to the database.
Anyone know if this has been fixed in later versions of the sql server plugin
or if there are any workarounds we could try.
Caused by: com.microsoft.sqlserver.jdbc.SQLServerException: The driver could
not establish a secure connection to SQL Server by using Secure Sockets Layer
(SSL) encryption. Error: "Server key".
ClientConnectionId:03ce94e1-9aa3-4d2f-853b-9eb1770ffd1a
at
com.microsoft.sqlserver.jdbc.SQLServerConnection.terminate(SQLServerConnection.java:1667)
at com.microsoft.sqlserver.jdbc.TDSChannel.enableSSL(IOBuffer.java:1668)
at
com.microsoft.sqlserver.jdbc.SQLServerConnection.connectHelper(SQLServerConnection.java:1323)
at
com.microsoft.sqlserver.jdbc.SQLServerConnection.login(SQLServerConnection.java:991)
at
com.microsoft.sqlserver.jdbc.SQLServerConnection.connect(SQLServerConnection.java:827)
at
com.microsoft.sqlserver.jdbc.SQLServerDriver.connect(SQLServerDriver.java:1012)
at
org.apache.commons.dbcp.DriverConnectionFactory.createConnection(DriverConnectionFactory.java:38)
at
org.apache.commons.dbcp.PoolableConnectionFactory.makeObject(PoolableConnectionFactory.java:582)
at
org.apache.commons.pool.impl.GenericObjectPool.borrowObject(GenericObjectPool.java:1148)
at
org.apache.commons.dbcp.PoolingDataSource.getConnection(PoolingDataSource.java:106)
at
org.apache.commons.dbcp.BasicDataSource.getConnection(BasicDataSource.java:1044)
at
org.geotools.data.jdbc.datasource.AbstractManageableDataSource.getConnection(AbstractManageableDataSource.java:48)
at
org.geotools.jdbc.JDBCDataStore.createConnection(JDBCDataStore.java:1737)
... 105 more
Caused by: javax.net.ssl.SSLException: Server key
at com.sun.net.ssl.internal.ssl.Handshaker.throwSSLException(Unknown
Source)
at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(Unknown
Source)
at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Unknown Source)
at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Unknown
Source)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(Unknown Source)
at
com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(Unknown
Source)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(Unknown
Source)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(Unknown
Source)
at com.microsoft.sqlserver.jdbc.TDSChannel.enableSSL(IOBuffer.java:1618)
... 116 more
Caused by: java.security.spec.InvalidKeySpecException: Unknown KeySpec type:
java.security.spec.ECPublicKeySpec
at
org.bouncycastle.jce.provider.asymmetric.ec.KeyFactory.engineGeneratePublic(Unknown
Source)
at java.security.KeyFactory.generatePublic(Unknown Source)
at
com.sun.net.ssl.internal.ssl.HandshakeMessage$ECDH_ServerKeyExchange.<init>(Unknown
Source)
... 124 more
Vänliga Hälsningar
Lukas
[http://www.decerno.se/images/decerno_logo_300.png]<http://www.decerno.se/>
Lukas Bergliden
Civilingenjör
Mobil 070 644 96 61 Electrum 234, 164 40 Kista
Direkt 08 630 75 09 Kistagången 16, 7 tr
------------------------------------------------------------------------------
Comprehensive Server Monitoring with Site24x7.
Monitor 10 servers for $9/Month.
Get alerted through email, SMS, voice calls or mobile push notifications.
Take corrective actions from your mobile device.
http://pubads.g.doubleclick.net/gampad/clk?id=154624111&iu=/4140/ostg.clktrk
_______________________________________________
Geoserver-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/geoserver-users
