Running V7.10 of Bonita.
Attempted to update the BDM on our server. One table was too large so aborted mission and replaced with the BDM of previous. Also restarted Bonita on the server prior to re-uploading the original BDM.
Have since had all connectors (email and database) throw connection and SSL errors. Some connectors give Communications Link Failure (in a previous question). After Communications Link Failure errors, we get:
org.bonitasoft.engine.connector.ConnectorException: com.microsoft.sqlserver.jdbc.SQLServerException: The driver could not establish a secure connection to SQL Server by using Secure Sockets Layer (SSL) encryption. Error: "The server selected protocol version TLS10 is not accepted by client preferences [TLS13, TLS12]".
Any help or advice is appreciated.
Hi,
What version of Java is your server running? Has your database server been updated? The TLSv1 protocol is being ditched.
I recommend upgrading to the latest Java version (8 or 11 depending on what your server is running).
You might also want to have a look at your sqlserver configuration, as it seems to be using an out-of-date encryption protocol (TLSv1.0).
HTH
Romain
Java is 11. We currently don't have any SSL certificates. The server.xml only has connector active for protocol="HTTP/1.1".
Will introducing SSL and defining up to date TLS in the server.xml overcome the problem?
The issue seems to come from the JDBC connection, so you must have a JDBC url using https somewhere I guess?
I don’t think it has something to do with the server.xml. Did you have a look at the database server?
I'm very new to this so unsure where to look inside the DB server. It's hosted on GCloud and currently it is set to allow unsecure connections. Do you have any ideas of a general filename where said JDBC connector settings will be stored that I can search for on the DB server? Let me know what info you need from me. Thank you so much for your help.
All I can find so far is
.../java-11-openjdk-amd64/conf/security/java.security
Has property
jdk.tls.disabledAlgorithms=SSLv3, TLSv1, TLSv1.1, etc
And .../ssl/openssl.conf
Has property
[system_default_sect]
MinProtocol = TLSv1.2
Again, unsure if I am looking in the right places.
I’ve found this article.
Like I thought, GCloud must have updated their Java version.
Try to check in your database administration console if you can enable TLS 1.2.
Version in database already includes TLS1.2
mysql> SHOW GLOBAL VARIABLES LIKE 'tls_version';
+---------------+-----------------------+
| Variable_name | Value                 |
+---------------+-----------------------+
| tls_version   | TLSv1,TLSv1.1,TLSv1.2 |
+---------------+-----------------------+
Also, the problem started at the point that we restarted the server which hosts Bonita. Will the issue not lie in that server instead?
Your logs talk about sqlserver and now you are showing a mysql console. Are you analyzing the proper DB?
Trust the second one, I was mostly just searching around in the cloud shell at the beginning as I am very lost and very new to it all.
But in the second I logged into the instance to check the settings.
Regardless, they all allow TLSv1.2.
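Added example, not written by any participant in the thread: a small Python check that reads jdk.tls.disabledAlgorithms from java.security text (including backslash-continued lines), derives the protocol versions the JVM will still offer, and compares them with a server's list. The sample file content, the JDK11_PROTOCOLS list and all function names are assumptions made for illustration; the model is simplified to "highest version both sides allow".

```python
import re

# Constructed java.security fragment (not copied from the thread's server);
# real files continue long values with a trailing backslash.
SAMPLE_JAVA_SECURITY = """\
# Algorithm restrictions for SSL/TLS processing
jdk.tls.disabledAlgorithms=SSLv3, TLSv1, TLSv1.1, RC4, DES, \\
    MD5withRSA, DH keySize < 1024, \\
    EC keySize < 224
"""

# Assumption: versions a JDK 11 client can offer before the disabled list applies.
JDK11_PROTOCOLS = ["TLSv1.3", "TLSv1.2", "TLSv1.1", "TLSv1"]

def read_property(text, key):
    """Return the last value of `key`, joining backslash-continued lines."""
    value, buf = None, ""
    for raw in text.splitlines():
        line = raw.strip()
        if not buf and (not line or line.startswith("#")):
            continue
        if line.endswith("\\"):
            buf += line[:-1]
            continue
        name, sep, rest = (buf + line).partition("=")
        buf = ""
        if sep and name.strip() == key:
            value = rest.strip()
    return value

def normalize(name):
    """Map 'TLS10', 'TLS12', 'TLSv1.2' ... onto JSSE names such as 'TLSv1.2'."""
    m = re.fullmatch(r"TLSv?1(?:\.?(\d))?", name.strip())
    if not m:
        return name.strip()
    return "TLSv1" if m.group(1) in (None, "0") else "TLSv1." + m.group(1)

def client_protocols(java_security_text):
    """Protocols left enabled once jdk.tls.disabledAlgorithms is applied."""
    raw = read_property(java_security_text, "jdk.tls.disabledAlgorithms") or ""
    disabled = {item.strip() for item in raw.split(",")}
    return [p for p in JDK11_PROTOCOLS if p not in disabled]

def negotiate(client, server_versions):
    """Highest version both sides allow, or None (handshake fails)."""
    server = {normalize(v) for v in server_versions.split(",")}
    return next((p for p in client if p in server), None)

if __name__ == "__main__":
    client = client_protocols(SAMPLE_JAVA_SECURITY)
    print(client, negotiate(client, "TLSv1,TLSv1.1,TLSv1.2"), negotiate(client, "TLS10"))
```

With the disabled list shown in the thread, the client side comes out as TLS 1.3 and TLS 1.2 only, which matches the "client preferences [TLS13, TLS12]" part of the exception; an endpoint that answers with TLS 1.0 has no version in common with it.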