Sign in with Microsoft
Sign in or create an account.
Hello,
Select a different account.
You have multiple accounts
Choose the account you want to sign in with.

Microsoft distributes Microsoft SQL Server 2008 Service Pack 3 (SP3) or Microsoft SQL Server 2008 R2 fixes as one downloadable file. Because the fixes are cumulative, each new release contains all the hotfixes and all the security fixes that were included with the previous SQL Server 2008 Service Pack 3 (SP3) or SQL Server 2008 R2 fix release.

Symptoms

Consider the following scenario:

  • You have a client application that uses Java and Microsoft JDBC Driver for SQL Server to connect to SQL Server.

  • You upgrade Oracle Java Runtime Environment (JRE) to version 6 Update 29 or a later version.

  • After you upgrade JRE, you can no longer connect to SQL Server.


In this scenario, JDBC Driver might stop responding when it is trying to open the connection. Additionally, JDBC Driver fails immediately and a call stack is generated if one of the following methods is used to encrypt connections:

  • The Encrypt property is set to True in the connection URL.

  • SQL Server is configured to force encryption.




Notes

  • You may experience this issue if you use third-party implementations of Secure Sockets Layer (SSL)/Transport Layer Security (TLS) that contain the same behavioral change as JRE version 6 Update 29 and later versions. This change in behavior fixes a specific security issue known as "BEAST." If you are unsure whether a third-party product contains an implementation of SSL/TLS that includes this change, contact the product’s vendor.

  • Any data access provider that uses the OpenSSLlibrary may also cause this issue.


Cause

This issue occurs because the SQL Server engine cannot handle login records when SSL data is split into multiple Tabular Data Stream (TDS) packets.

Resolution

Service pack information for SQL Server 2008 R2

To resolve this problem, obtain the latest service pack for SQL Server 2008 R2. For more information, click the following article number to view the article in the Microsoft Knowledge Base:

2527041
How to obtain the latest service pack for SQL Server 2008 R2

Cumulative update information

SQL Server 2008 R2 Service Pack 1


The fix for this issue was first released in Cumulative Update 6 for SQL Server 2008 R2 Service Pack 1. For more information about how to obtain this cumulative update package, click the following article number to view the article in the Microsoft Knowledge Base:

2679367 Cumulative Update package 6 for SQL Server 2008 R2 Service Pack 1Note Because the builds are cumulative, each new fix release contains all the hotfixes and all the security fixes that were included with the previous SQL Server 2008 R2 fix release. We recommend that you consider applying the most recent fix release that contains this hotfix. For more information, click the following article number to view the article in the Microsoft Knowledge Base:

2567616 The SQL Server 2008 R2 builds that were released after SQL Server 2008 R2 Service Pack 1 was released

Cumulative update package 3 for SQL Server 2008 SP3

The fix for this issue was first released in Cumulative Update 3. For more information about how to obtain this cumulative update package for SQL Server 2008 Service Pack 3, click the following article number to view the article in the Microsoft Knowledge Base:

2648098 Cumulative update package 3 for SQL Server 2008 Service Pack 3Note Because the builds are cumulative, each new fix release contains all the hotfixes and all the security fixes that were included with the previous SQL Server 2008 Service Pack 3 fix release. We recommend that you consider applying the most recent fix release that contains this hotfix. For more information, click the following article number to view the article in the Microsoft Knowledge Base:

2629969 The SQL Server 2008 builds that were released after SQL Server 2008 Service Pack 3 was released

More Information

For more information about this issue, visit the following website:

Microsoft Security Advisory (2588513)

Workaround

To work around this issue, use one of the following methods:

  • Use an earlier version of Oracle JRE than JRE version 6 Update 29.

  • Disable SSL record splitting at the JRE level.
    Notes

    • This method might have security implications for HTTP communications.

    • For more information about this procedure, you can contact.

The third-party products that this article discusses are manufactured by companies that are independent of Microsoft. Microsoft makes no warranty, implied or otherwise, about the performance or reliability of these products.

Status

Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.
This problem was first corrected in SQL Server 2008 R2 Service Pack 2.

Need more help?

Want more options?

Explore subscription benefits, browse training courses, learn how to secure your device, and more.

Communities help you ask and answer questions, give feedback, and hear from experts with rich knowledge.

Was this information helpful?

What affected your experience?
By pressing submit, your feedback will be used to improve Microsoft products and services. Your IT admin will be able to collect this data. Privacy Statement.

Thank you for your feedback!

×