SSLProtocol
The Microsoft JDBC Driver for SQL Server supports setting the SSL protocol via the connection string. Below is an example of setting the default label using the connection URL.
String conURL = "jdbc:sqlserver://localhost;userName=sa;password=PASSW0RD;database=master;sslProtocol=TLS";
SQLServerConnection con = (SQLServerStatement) DriverManager.getConnection(conURL);
Another way to set the default label is using a SQLServerDataSource object.
SQLServerDataSource ds = new SQLServerDataSource();
ds.setUser("sa");
ds.setPassword("PASSWORD");
ds.setServerName("localhost");
ds.setPortNumber(1433);
ds.setDatabaseName("master");
ds.setSSLProtocol("TLS");
SQLServerConnection con = (SQLServerConnection) ds.getConnection();
TLS, TLSv1, TLSv1.1, TLSv1.2 are the supported protocol labels. The value of the property is used as the protocol on the SSLContext.getInstance method. SSLContext.getInstance method might behave differently depending on the JVM. We recommend reading about this method and the protocol labels before using the sslProtocol property. The following table demonstrates the enabled protocols with Oracle, IBM, and SAP Java runtimes.
| Protocol Label | ORACLE JVM | IBM JVM | SAP JVM |
|---|---|---|---|
| TLS | TLSv1, TLSv1.1, TLSv1.2 | TLSv1 | TLSv1, TLSv1.1, TLSv1.2 |
| TLSv1 | TLSv1 | TLSv1 | TLSv1 |
| TLSv1.1 | TLSv1.1 | TLSv1.1 | TLSv1, TLSv1.1 |
| TLSv1.2 | TLSv1.2 | TLSv1.2 | TLSv1, TLSv1.1, TLSv1.2 |
Suite B and SP800-131A standards require SSL configuration to use TLSv1.2 protocol only. sslProtocol connection property allows the users specify the required SSL protocol version.