tracker issue : CF-4204087

select a category, or use search below
(searches all categories and all time range)

DataSource SSL Encryption broken with CF2016 Update 8/9/10 and CF2018 Update 3

| View in Tracker

Status/Resolution/Reason: To Track//ThirdParty

Reporter/Name(from Bugbase): Benjamin R. / ()

Created: 03/12/2019

Components: Database, JDBC

Versions: 2016

Failure Type: Incorrectly functioning

Found In Build/Fixed In Build: 2016,0,10,314028 /

Priority/Frequency: Normal / Some users will encounter

Locale/System: English / Win 2012 Server x64

Vote Count: 2

Problem Description:
After installing latest update (CF2016 Update 8/9 or 10 and/or CF2018 Update 3) datasources (using the built-in JDBC SQL Server driver) that have SSL encryption enabled with a trusted wildcard-SSL certificate fail to verify or connect. The connection string is set to "EncryptionMethod=SSL; CryptoProtocolVersion=TLSv1.2; ValidateServerCertificate=0;". Prior to loading the update, the datasource would verify and connect; post loading the update it would fail with the error message below. If the SSL connection string is removed, it does connect and verify.

Exact error message is:
Connection verification failed for data source: XXXXX
java.sql.SQLException: Timed out trying to establish connection
The root cause was that: java.sql.SQLException: Timed out trying to establish connection

Steps to Reproduce:
Have the above SSL connection string set in the datasource. Click the button to verify the datasource (or try to connect with a query). Note: for this issue to occur the SQL Server must be configured to accept SSL encrypted connections.

Actual Result:
DataSource fails to verify or connect with error message above.

Expected Result:
Datasource would verify and connect without error.

Any Workarounds:
Work-around provided by Nimit Sharma (Adobe Engineering Team) - revert the updated database drivers JAR file by copying the backed-up version in the relevant hf_updates backup directory and replace over cfusion\lib version. Restart service. (Note: for CF2016 the file is macromedia_drivers.jar; for CF2018 the file is adobe_drivers.jar).