Microsoft KB Archive/826080

= FIX: SQL Server 2000 protocol encryption applies to JDBC clients =

Article ID: 826080

Article Last Modified on 11/2/2007

-

APPLIES TO


 * Microsoft SQL Server 2000 Developer Edition
 * Microsoft SQL Server 2000 Standard Edition
 * Microsoft SQL Server 2000 Enterprise Edition
 * Microsoft SQL Server 2000 Personal Edition
 * Microsoft SQL Server 2000 Enterprise Edition
 * Microsoft SQL Server 2000 Workgroup Edition
 * Microsoft SQL Server 2000 Desktop Engine (Windows)
 * Microsoft SQL Server 2000 Developer Edition
 * Microsoft SQL Server 2000 Enterprise Edition 64-bit

-



Bug #: 470049 (SHILOH_BUGS)



SYMPTOMS
In Microsoft SQL Server 2000, you can enable protocol encryption for all clients or for individual clients. The Force Protocol Encryption Server Network Utility option forces all incoming connections to be encrypted.

To implement protocol encryption, the driver must access the Secure Sockets Layer (SSL) protocol. Specifically, protocol encryption uses SSL application programming interfaces (APIs) that are implemented in Microsoft Windows NT. However, a problem occurs with Type 4 JDBC drivers because they are not permitted to directly call system DLLs. There is no library in Java 1.4 or earlier that emulates the protocol encryption behavior of SSL from Windows NT. If you do not apply this fix or SQL Server 2000 Service Pack 4 (SP4), SQL Server silently accepts connections from JDBC. This gives the false impression that the connections are actually encrypted. If the Force Protocol encryption option is turned on on the server side after you apply the fix, JDBC clients trying to connect to SQL server will not connect. This problem occurs because the current versions of JDBC drivers from Microsoft do not support SSL connections.



Service pack information
To resolve this problem, obtain the latest service pack for SQL Server 2000. For more information, click the following article number to view the article in the Microsoft Knowledge Base:

290211 How to obtain the latest SQL Server 2000 service pack

Hotfix information
The English version of this hotfix has the file attributes (or later file attributes) that are listed in the following table. The dates and times for these files are listed in Coordinated Universal Time (UTC). When you view the file information, it is converted to local time. To find the difference between UTC and local time, use the Time Zone tab in the Date and Time item in Control Panel.   Date         Time   Version             Size   File name --  31-May-2003  18:45  2000.80.818.0      78,400  Console.exe 25-Jun-2003 01:01  2000.80.818.0      33,340  Dbmslpcn.dll 25-Apr-2003 02:12                    786,432  Distmdl.ldf 25-Apr-2003 02:12                  2,359,296  Distmdl.mdf 30-Jan-2003 01:55                        180  Drop_repl_hotfix.sql 23-Jun-2003 22:40  2000.80.837.0   1,557,052  Dtsui.dll 23-Jun-2003 22:40  2000.80.837.0     639,552  Dtswiz.dll 24-Apr-2003 02:51                    747,927  Instdist.sql 03-May-2003 01:56                      1,581  Inst_repl_hotfix.sql 08-Feb-2003 06:40  2000.80.765.0      90,692  Msgprox.dll 01-Apr-2003 02:07                      1,873  Odsole.sql 05-Apr-2003 01:46  2000.80.800.0      62,024  Odsole70.dll 07-May-2003 20:41  2000.80.819.0      25,144  Opends60.dll 07-May-2003 18:47                    132,096  Opends60.pdb 02-Apr-2003 21:48  2000.80.796.0      57,904  Osql.exe 02-Apr-2003 23:15  2000.80.797.0     279,104  Pfutil80.dll 22-May-2003 22:57                     19,195  Qfe469571.sql 11-Jul-2003 17:04                  1,084,147  Replmerg.sql 04-Apr-2003 21:53  2000.80.798.0     221,768  Replprov.dll 08-Feb-2003 06:40  2000.80.765.0     307,784  Replrec.dll 11-Jul-2003 16:56                  1,085,925  Replsys.sql 01-Jun-2003 01:01  2000.80.818.0     492,096  Semobj.dll 31-May-2003 18:27  2000.80.818.0     172,032  Semobj.rll 29-May-2003 00:29                    115,944  Sp3_serv_uni.sql 01-Jun-2003 01:01  2000.80.818.0   4,215,360  Sqldmo.dll 07-Apr-2003 17:44                     25,172  Sqldumper.exe 19-Mar-2003 18:20  2000.80.789.0      28,672  Sqlevn70.rll 02-Jul-2003 00:18  2000.80.834.0     180,736  Sqlmap70.dll 08-Feb-2003 06:40  2000.80.765.0      57,920  Sqlrepss.dll 24-Jul-2003 02:19  2000.80.844.0   7,553,105  Sqlservr.exe 24-Jul-2003 02:19                 12,755,968  Sqlservr.pdb 08-Feb-2003 06:40  2000.80.765.0      45,644  Sqlvdi.dll 25-Jun-2003 01:01  2000.80.818.0      33,340  Ssmslpcn.dll 01-Jun-2003 01:01  2000.80.818.0      82,492  Ssnetlib.dll 01-Jun-2003 01:01  2000.80.818.0      25,148  Ssnmpn70.dll 01-Jun-2003 01:01  2000.80.818.0     158,240  Svrnetcn.dll 31-May-2003 18:59  2000.80.818.0      76,416  Svrnetcn.exe 30-Apr-2003 23:52  2000.80.816.0      45,132  Ums.dll 30-Apr-2003 23:52                    132,096  Ums.pdb 02-Jul-2003 00:19  2000.80.834.0      98,816  Xpweb70.dll Note Because of file dependencies, the most recent hotfix or feature that contains these files may also contain additional files.

The following JDBC drivers do not support the SSL connection:
 * SQL Server 2000 JDBC Driver
 * SQL Server 2005 JDBC Driver 1.0
 * SQL Server 2005 JDBC Driver 1.1

After you apply this hotfix, you must use third-party JDBC drivers to connect to the instance of SQL Server 2000 if the following conditions are true.

Note The third-party JDBD drivers that you use must support the SSL connection.
 * The instance of SQL Server requires encrypted connections.
 * You enabled the Force Protocol Encryption option in the instance.
 * You use one of the JDBC drivers in the previous list.



WORKAROUND
If your JDBC application requires protocol encryption in SQL Server 2000, you must use another method of encryption, such as Internet Protocol security (IPSec), or use a suitable SSL-enabled Type 3 JDBC driver.



STATUS
Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the &quot;Applies to&quot; section. This problem was first corrected in SQL Server 2000 Service Pack 4.



MORE INFORMATION
For more information, click the following article numbers to view the articles in the Microsoft Knowledge Base:

824684 Description of the standard terminology that is used to describe Microsoft software updates

276553 How to enable SSL encryption for SQL Server 2000 with Certificate Server

257591 Description of the Secure Sockets Layer (SSL) handshake

316898 How to enable SSL encryption for an instance of SQL Server by using Microsoft Management Console

324777 Support WebCast: Microsoft SQL Server 2000: How to configure SSL encryption

318605 How SQL Server uses a certificate when the Force Protocol Encryption option is turned on

Keywords: kbbug kbfix kbqfe kbsqlserv2000presp4fix kbhotfixserver KB826080

-

[mailto:TECHNET@MICROSOFT.COM Send feedback to Microsoft]

© Microsoft Corporation. All rights reserved.