ColdFusion 2021 connection to SQL Server over SSL

Report · Mar 01, 2022

I am attempting -- unsuccessfully -- to establish SSL connectivity to SQL Server 2019 from ColdFusion 2021 Enterprise running on Tomcat 9. Tomcat itself is configured with SSL and its own separate web server certificate. I have previously been able to connect ColdFusion Standard 2016 to the SQL instance from a different server, so I'm fairly sure the SQL instance is configured properly.

The Java version for CF is 11.0.14 -- I have checked to make sure that Tomcat and CF are actually running this version of the JVM. I have added the root CA, the web server certificate, and the SQL Server cert to the Java keystore in cacerts for this Java instance. I have also added EncryptionMethod and other parameters to the Connection String in the datasource definition, and pointed it to the correct Java keystore with the correct password.

This is what I get when I try to add the datasource:

SSL socket connection could not be established because JRE 1.4 or above is required.

I don't understand this, because I'm running a recent edition of Java. The same thing happened with the installation default version of 11.0.11. I suspect this error message may be covering up a different issue, but I don't know what it could be. Can anybody tell me what this might mean?! Thanks!

Report · Mar 04, 2022

I can think of a problem from one of two sources:

TLS version error: Does the database server use TLS v1 or TLS v1.1 perhaps? If so, then that will be the likely cause of the error. TLS versions 1.0 and 1.1 are disabled by default from Java 11.0.11 onwards.
Certificate import error: What is the full DOS command that you used to import the certificates into ColdFusion?

Report · Mar 04, 2022

Thanks! For Q1, it's SQL 2019, so it does support TLS 1.2 out of the box; on the OS, TLS 1.0 and 1.1 have been disabled in the registry. I went back and ran some tests, and can verify that the old protocols are really disabled.

For Q2 (with actual system paths and passwords redacted):

(from CMD as administrator)

{JAVA_HOME}\bin\keytool -importcert -alias sqlserver -file {\filepath}\mycertificate.cer -keystore {JAVA_HOME}\lib\security\cacerts -storepass mykeystorepassword -noprompt

{JAVA_HOME}\bin\keytool -list -alias sqlserver -keystore {JAVA_HOME}\lib\security\cacerts -storepass mykeystorepassword

I just tried it from a different connection, using a brand-new instance of CF 2018 Enterprise/Zulu Java 11 on a different box. Connected without any difficulty. I suspect it might have something to do with my local settings.

Report · Mar 05, 2022

Could you share the contents of jvm.config for the instance that is failing to connect? It might contain a TLS-relevant clue.

In fact, an experiment you could do is:

Make a back-up of the jvm.config file.
Use instead a copy of the jvm.config file from the instance that can connect, making the necessary environment changes.
Restart ColdFusion.
Run a query in CF against the SQL Server 2019 database.

Report · Jun 14, 2022

We are having the same issue. We replaced the cert, tried accessing from 2 diffrent web servers. Still "An SSL socket connection could not be established because JRE 1.4 or above is required. We also upgraded to patch 4. Please help!!

Report · Jun 21, 2022

Someone else reported the same issue in this very forum. And they found a solution! 🙂

It may be worth your while to follow the recommendations in the thread: https://community.adobe.com/t5/coldfusion-discussions/coldfusion-2021-data-source-an-ssl-socket-conn...