VERIFIED SOLUTION

Resolve EngageOne 4.x Error: "SQL Server returned an incomplete response. The connection has been closed" with SSL

Product Feature: Database / SQL

Operating System: Windows

Database: Microsoft SQL Server


 

Issue

When running EngageOne Server Non-Accumulated Batch the following error is shown in the log file:

Error encountered com.microsoft.sqlserver.jdbc.SQLServerException: The driver could not establish a secure connection to SQL Server by using Secure Sockets Layer (SSL) encryption. Error: SQL Server returned an incomplete response. The connection has been closed.. 

Cause

Due to some recent Microsoft updates, customers may experience connectivity issues to trading partners when using SSL/TLS to secure the connection. Recently, Microsoft has added two new ciphers to Windows, which use a different Key Algorithm. The minimum key length allowed by these ciphers is 1024 characters. If the key length used by the trading partners is less than this, the SSL/TLS handshake will fail.

Resolution

UPDATED: November 8, 2017
  • Disable DHE cipher suites:

Warning: If you use Registry Editor incorrectly, you may cause serious problems that may require you to reinstall your operating system. Microsoft cannot guarantee that you can solve problems that result from using Registry Editor incorrectly. Use Registry Editor at your own risk.

  1. Open Registry Editor.
  2. Access key exchange algorithm settings by navigating to the following registry location: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\KeyExchangeAlgorithms
  3. Select the Diffie-Hellman sub key (if it does not exist, then create it).
  4. Set the Enabled DWORD registry value to 0 (if it does not exist, then create it).
  5. Exit Registry Editor.
  • Impact of the workaround: Encrypted TLS sessions that rely on DHE keys will no longer function unless alternative failover options have been implemented.
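
The registry steps above can also be applied as a script, which backs up the current settings first and confirms the result. This is an added example, not part of the original article or any vendor tooling; the backup file location under %TEMP% is an assumption, and the script must be run from an elevated PowerShell session.

```powershell
# Added example (not vendor code): disable Diffie-Hellman key exchange in SCHANNEL.
# Registry location and value name are the ones given in the steps above.
$regPath = 'HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\KeyExchangeAlgorithms'
$base    = "HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\KeyExchangeAlgorithms"
$key     = Join-Path $base 'Diffie-Hellman'

# Assumption: backup file name and location chosen for this example.
$backup = Join-Path $env:TEMP ("schannel-kex-{0:yyyyMMdd-HHmmss}.reg" -f (Get-Date))

# Export the current settings so the change can be reverted with "reg import <file>".
if (Test-Path $base) {
    & reg.exe export $regPath $backup /y | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "Backup failed; no changes were made." }
    Write-Host "Backup written to $backup"
}

# Step 3: create the Diffie-Hellman subkey if it does not exist.
if (-not (Test-Path $key)) {
    New-Item -Path $key -Force | Out-Null
}

# Record the previous value for the change log.
$before = (Get-ItemProperty -Path $key -Name 'Enabled' -ErrorAction SilentlyContinue).Enabled
if ($null -eq $before) { $before = '<not set>' }
Write-Host "Previous Enabled value: $before"

# Step 4: set Enabled (DWORD) to 0, creating the value if it does not exist.
New-ItemProperty -Path $key -Name 'Enabled' -PropertyType DWord -Value 0 -Force | Out-Null

# Read the value back and fail loudly if it did not take.
$after = (Get-ItemProperty -Path $key -Name 'Enabled').Enabled
if ($after -ne 0) { throw "Enabled is $after, expected 0." }
Write-Host "Diffie-Hellman key exchange disabled in SCHANNEL (Enabled = 0)."
```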

https://technet.microsoft.com/en-us/library/security/ms15-055.aspx
