Let's say the following error is being returned when connecting to Microsoft SQL Server from a Java client.

com.microsoft.sqlserver.jdbc.SQLServerException: The driver could not establish a secure connection to SQL Server by using Secure Sockets Layer (SSL) encryption. Error: "No appropriate protocol (protocol is disabled or cipher suites are inappropriate)".

This error can occur when the SSL or TLS version being used is listed as a disabled algorithm in the java.security file. On a Linux system, use the which command to determine the installation directory for the java CLI.

~]$ which java
/usr/bin/java

Determine where the Java files are installed.

~]$ ls -l /usr/bin/java 
lrwxrwxrwx 1 root root 22 Dec  6 07:55 /usr/bin/java -> /etc/alternatives/java

~]$ ls -l /etc/alternatives/java
lrwxrwxrwx 1 root root 73 Dec  6 07:55 /etc/alternatives/java -> /usr/lib/jvm/java-1.8.0-openjdk-1.8.0.312.b07-1.el7_9.x86_64/jre/bin/java

Find the java.security file.

~]$ find /usr/lib/jvm/java-1.8.0-openjdk-1.8.0.312.b07-1.el7_9.x86_64 | grep java.security
/usr/lib/jvm/java-1.8.0-openjdk-1.8.0.312.b07-1.el7_9.x86_64/jre/lib/security/java.security

The java.security file should have disabled algorithms. Let's say algorithm TLSv1.1 is being used, and is listed as a disabled algorithm. This can cause the error. In this scenario, there are a couple options.

• Use a different algorithm when connecting to Microsoft SQL Server
• Remove the algorithm from the list of disabled algorithms in the java.security file

jdk.tls.disabledAlgorithms=SSLv3, TLSv1, TLSv1.1, RC4, DES, MD5withRSA, \
    DH keySize < 1024, EC keySize < 224, 3DES_EDE_CBC, anon, NULL, \
    include jdk.disabled.namedCurves