From 4b2641eaf53dfb3a701bb489a8247817667b5b77 Mon Sep 17 00:00:00 2001
From: lilgreenbird <v-susanh@microsoft.com>
Date: Wed, 20 Jul 2022 15:29:22 -0700
Subject: [PATCH] Added TDS version 8 for strict mode (#1870)

---
 .../java/com/microsoft/sqlserver/jdbc/IOBuffer.java  | 12 +++++++-----
 .../sqlserver/jdbc/SQLServerConnection.java          |  5 ++++-
 2 files changed, 11 insertions(+), 6 deletions(-)

diff --git a/src/main/java/com/microsoft/sqlserver/jdbc/IOBuffer.java b/src/main/java/com/microsoft/sqlserver/jdbc/IOBuffer.java
index da8c2a5557..51345c8828 100644
--- a/src/main/java/com/microsoft/sqlserver/jdbc/IOBuffer.java
+++ b/src/main/java/com/microsoft/sqlserver/jdbc/IOBuffer.java
@@ -150,9 +150,11 @@ private ExtendedSocketOptions() {}
 
 
 final class TDS {
-    // TDS protocol versions
-    static final String VER_TDS80 = "tds/8.0"; // TLS-first connections
+    // application protocol
+    static final String PROTOCOL_TDS80 = "tds/8.0"; // TLS-first connections
 
+    // TDS versions
+    static final int VER_TDS80 = 0x8000000; // TDS 8.0
     static final int VER_DENALI = 0x74000004; // TDS 7.4
     static final int VER_KATMAI = 0x730B0003; // TDS 7.3B(includes null bit compression)
     static final int VER_YUKON = 0x72090002; // TDS 7.2
@@ -1768,7 +1770,7 @@ else if (con.getTrustManagerClass() != null) {
 
                 // set ALPN values
                 SSLParameters sslParam = sslSocket.getSSLParameters();
-                sslParam.setApplicationProtocols(new String[] {TDS.VER_TDS80});
+                sslParam.setApplicationProtocols(new String[] {TDS.PROTOCOL_TDS80});
                 sslSocket.setSSLParameters(sslParam);
             } else {
                 // don't close proxy when SSL socket is closed
@@ -1793,9 +1795,9 @@ else if (con.getTrustManagerClass() != null) {
 
                 // check negotiated ALPN
                 if (null != negotiatedProtocol && !(negotiatedProtocol.isEmpty())
-                        && negotiatedProtocol.compareToIgnoreCase(TDS.VER_TDS80) != 0) {
+                        && negotiatedProtocol.compareToIgnoreCase(TDS.PROTOCOL_TDS80) != 0) {
                     MessageFormat form = new MessageFormat(SQLServerException.getErrString("R_ALPNFailed"));
-                    Object[] msgArgs = {TDS.VER_TDS80, negotiatedProtocol};
+                    Object[] msgArgs = {TDS.PROTOCOL_TDS80, negotiatedProtocol};
                     con.terminate(SQLServerException.DRIVER_ERROR_SSL_FAILED, form.format(msgArgs));
                 }
             }
diff --git a/src/main/java/com/microsoft/sqlserver/jdbc/SQLServerConnection.java b/src/main/java/com/microsoft/sqlserver/jdbc/SQLServerConnection.java
index d0962daa16..296260536f 100644
--- a/src/main/java/com/microsoft/sqlserver/jdbc/SQLServerConnection.java
+++ b/src/main/java/com/microsoft/sqlserver/jdbc/SQLServerConnection.java
@@ -6037,8 +6037,11 @@ final boolean complete(LogonCommand logonCommand, TDSReader tdsReader) throws SQ
         byte netAddress[] = new byte[6];
         int dataLen = 0;
 
+        // TDS version 8 if strict mode
         // Denali --> TDS 7.4, Katmai (10.0) & later 7.3B, Prelogin disconnects anything older
-        if (serverMajorVersion >= 11) {
+        if (encryptOption.compareToIgnoreCase(EncryptOption.Strict.toString()) == 0) {
+            tdsVersion = TDS.VER_TDS80;
+        } else if (serverMajorVersion >= 11) {
             tdsVersion = TDS.VER_DENALI;
         } else if (serverMajorVersion >= 10) {
             tdsVersion = TDS.VER_KATMAI;