DetailPage-MSS-KB

Microsoft small business knowledge base

Article ID: 2653857 - Last Review: May 14, 2012 - Revision: 4.0

On This Page

Microsoft distributes Microsoft SQL Server 2008 Service Pack 3 (SP3) or Microsoft SQL Server 2008 R2 fixes as one downloadable file. Because the fixes are cumulative, each new release contains all the hotfixes and all the security fixes that were included with the previous SQL Server 2008 Service Pack 3 (SP3) or SQL Server 2008 R2 fix release.

SYMPTOMS

Consider the following scenario:
  • You have a client application that uses Java and Microsoft JDBC Driver for SQL Server to connect to SQL Server.
  • You upgrade Oracle Java Runtime Environment (JRE) to version 6 Update 29 or a later version.
  • After you upgrade JRE, you can no longer connect to SQL Server.

In this scenario, JDBC Driver might stop responding when it is trying to open the connection. Additionally, JDBC Driver fails immediately and a call stack is generated if one of the following methods is used to encrypt connections:
  • The Encrypt property is set to True in the connection URL.
  • SQL Server is configured to force encryption.



Notes
  • You may experience this issue if you use third-party implementations of Secure Sockets Layer (SSL)/Transport Layer Security (TLS) that contain the same behavioral change as JRE version 6 Update 29 and later versions. This change in behavior fixes a specific security issue known as "BEAST." If you are unsure whether a third-party product contains an implementation of SSL/TLS that includes this change, contact the product’s vendor.
  • Any data access provider that uses the OpenSSLlibrary may also cause this issue.

CAUSE

This issue occurs because the SQL Server engine cannot handle login records when SSL data is split into multiple Tabular Data Stream (TDS) packets.

RESOLUTION

Service pack information for SQL Server 2008 R2

To resolve this problem, obtain the latest service pack for SQL Server 2008 R2. For more information, click the following article number to view the article in the Microsoft Knowledge Base:
2527041  (http://support.microsoft.com/kb/2527041/ ) How to obtain the latest service pack for SQL Server 2008 R2

Cumulative update information

SQL Server 2008 R2 Service Pack 1

The fix for this issue was first released in Cumulative Update 6 for SQL Server 2008 R2 Service Pack 1. For more information about how to obtain this cumulative update package, click the following article number to view the article in the Microsoft Knowledge Base:
2679367  (http://support.microsoft.com/kb/2679367/ ) Cumulative Update package 6 for SQL Server 2008 R2 Service Pack 1
Note Because the builds are cumulative, each new fix release contains all the hotfixes and all the security fixes that were included with the previous SQL Server 2008 R2 fix release. We recommend that you consider applying the most recent fix release that contains this hotfix. For more information, click the following article number to view the article in the Microsoft Knowledge Base:
2567616  (http://support.microsoft.com/kb/2567616/ ) The SQL Server 2008 R2 builds that were released after SQL Server 2008 R2 Service Pack 1 was released

Cumulative update package 3 for SQL Server 2008 SP3

The fix for this issue was first released in Cumulative Update 3. For more information about how to obtain this cumulative update package for SQL Server 2008 Service Pack 3, click the following article number to view the article in the Microsoft Knowledge Base:
2648098  (http://support.microsoft.com/kb/2648098/ ) Cumulative update package 3 for SQL Server 2008 Service Pack 3
Note Because the builds are cumulative, each new fix release contains all the hotfixes and all the security fixes that were included with the previous SQL Server 2008 Service Pack 3 fix release. We recommend that you consider applying the most recent fix release that contains this hotfix. For more information, click the following article number to view the article in the Microsoft Knowledge Base:
2629969  (http://support.microsoft.com/kb/2629969/ ) The SQL Server 2008 builds that were released after SQL Server 2008 Service Pack 3 was released


MORE INFORMATION

For more information about this issue, visit the following website:

Microsoft Security Advisory (2588513) (http://technet.microsoft.com/en-us/security/advisory/2588513)

WORKAROUND

To work around this issue, use one of the following methods:
  • Use an earlier version of Oracle JRE than JRE version 6 Update 29.
  • Disable SSL record splitting at the JRE level.
    Notes
    • This method might have security implications for HTTP communications.
    • For more information about this procedure, you can contact.
The third-party products that this article discusses are manufactured by companies that are independent of Microsoft. Microsoft makes no warranty, implied or otherwise, about the performance or reliability of these products.

STATUS

Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.
This problem was first corrected in SQL Server 2008 R2 Service Pack 2.
Keywords: 
kbqfe kbfix kbexpertiseadvanced kbsurveynew KB2653857
Share
Additional support options
Ask The Microsoft Small Business Support Community
Contact Microsoft Small Business Support
Find Microsoft Small Business Support Certified Partner
Find a Microsoft Store For In-Person Small Business Support