Article ID: 826080 - Last Review: November 2, 2007 - Revision: 4.2

FIX: SQL Server 2000 protocol encryption applies to JDBC clients

View products that this article applies to.
System TipThis article applies to a different operating system than the one you are using. Article content that may not be relevant to you is disabled.
Bug #: 470049 (SHILOH_BUGS)

On This Page

Expand all | Collapse all

SYMPTOMS

In Microsoft SQL Server 2000, you can enable protocol encryption for all clients or for individual clients. The Force Protocol Encryption Server Network Utility option forces all incoming connections to be encrypted.

To implement protocol encryption, the driver must access the Secure Sockets Layer (SSL) protocol. Specifically, protocol encryption uses SSL application programming interfaces (APIs) that are implemented in Microsoft Windows NT. However, a problem occurs with Type 4 JDBC drivers because they are not permitted to directly call system DLLs. There is no library in Java 1.4 or earlier that emulates the protocol encryption behavior of SSL from Windows NT. If you do not apply this fix or SQL Server 2000 Service Pack 4 (SP4), SQL Server silently accepts connections from JDBC. This gives the false impression that the connections are actually encrypted. If the Force Protocol encryption option is turned on on the server side after you apply the fix, JDBC clients trying to connect to SQL server will not connect. This problem occurs because the current versions of JDBC drivers from Microsoft do not support SSL connections.
Back to the top

RESOLUTION

Service pack information

To resolve this problem, obtain the latest service pack for SQL Server 2000. For more information, click the following article number to view the article in the Microsoft Knowledge Base:
290211  (http://support.microsoft.com/kb/290211/ ) How to obtain the latest SQL Server 2000 service pack
Back to the top

Hotfix information

The English version of this hotfix has the file attributes (or later file attributes) that are listed in the following table. The dates and times for these files are listed in Coordinated Universal Time (UTC). When you view the file information, it is converted to local time. To find the difference between UTC and local time, use the Time Zone tab in the Date and Time item in Control Panel.
   Date         Time   Version             Size   File name
   ----------------------------------------------------------------------
   31-May-2003  18:45  2000.80.818.0      78,400  Console.exe      
   25-Jun-2003  01:01  2000.80.818.0      33,340  Dbmslpcn.dll
   25-Apr-2003  02:12                    786,432  Distmdl.ldf
   25-Apr-2003  02:12                  2,359,296  Distmdl.mdf
   30-Jan-2003  01:55                        180  Drop_repl_hotfix.sql
   23-Jun-2003  22:40  2000.80.837.0   1,557,052  Dtsui.dll        
   23-Jun-2003  22:40  2000.80.837.0     639,552  Dtswiz.dll       
   24-Apr-2003  02:51                    747,927  Instdist.sql
   03-May-2003  01:56                      1,581  Inst_repl_hotfix.sql
   08-Feb-2003  06:40  2000.80.765.0      90,692  Msgprox.dll      
   01-Apr-2003  02:07                      1,873  Odsole.sql
   05-Apr-2003  01:46  2000.80.800.0      62,024  Odsole70.dll     
   07-May-2003  20:41  2000.80.819.0      25,144  Opends60.dll     
   07-May-2003  18:47                    132,096  Opends60.pdb
   02-Apr-2003  21:48  2000.80.796.0      57,904  Osql.exe         
   02-Apr-2003  23:15  2000.80.797.0     279,104  Pfutil80.dll     
   22-May-2003  22:57                     19,195  Qfe469571.sql
   11-Jul-2003  17:04                  1,084,147  Replmerg.sql
   04-Apr-2003  21:53  2000.80.798.0     221,768  Replprov.dll     
   08-Feb-2003  06:40  2000.80.765.0     307,784  Replrec.dll      
   11-Jul-2003  16:56                  1,085,925  Replsys.sql
   01-Jun-2003  01:01  2000.80.818.0     492,096  Semobj.dll       
   31-May-2003  18:27  2000.80.818.0     172,032  Semobj.rll
   29-May-2003  00:29                    115,944  Sp3_serv_uni.sql
   01-Jun-2003  01:01  2000.80.818.0   4,215,360  Sqldmo.dll       
   07-Apr-2003  17:44                     25,172  Sqldumper.exe    
   19-Mar-2003  18:20  2000.80.789.0      28,672  Sqlevn70.rll
   02-Jul-2003  00:18  2000.80.834.0     180,736  Sqlmap70.dll     
   08-Feb-2003  06:40  2000.80.765.0      57,920  Sqlrepss.dll     
   24-Jul-2003  02:19  2000.80.844.0   7,553,105  Sqlservr.exe     
   24-Jul-2003  02:19                 12,755,968  Sqlservr.pdb
   08-Feb-2003  06:40  2000.80.765.0      45,644  Sqlvdi.dll       
   25-Jun-2003  01:01  2000.80.818.0      33,340  Ssmslpcn.dll     
   01-Jun-2003  01:01  2000.80.818.0      82,492  Ssnetlib.dll     
   01-Jun-2003  01:01  2000.80.818.0      25,148  Ssnmpn70.dll     
   01-Jun-2003  01:01  2000.80.818.0     158,240  Svrnetcn.dll     
   31-May-2003  18:59  2000.80.818.0      76,416  Svrnetcn.exe     
   30-Apr-2003  23:52  2000.80.816.0      45,132  Ums.dll          
   30-Apr-2003  23:52                    132,096  Ums.pdb
   02-Jul-2003  00:19  2000.80.834.0      98,816  Xpweb70.dll
Note Because of file dependencies, the most recent hotfix or feature that contains these files may also contain additional files.

The following JDBC drivers do not support the SSL connection:
  • SQL Server 2000 JDBC Driver
  • SQL Server 2005 JDBC Driver 1.0
  • SQL Server 2005 JDBC Driver 1.1
After you apply this hotfix, you must use third-party JDBC drivers to connect to the instance of SQL Server 2000 if the following conditions are true.

Note The third-party JDBD drivers that you use must support the SSL connection.
  • The instance of SQL Server requires encrypted connections.
  • You enabled the Force Protocol Encryption option in the instance.
  • You use one of the JDBC drivers in the previous list.
Back to the top

WORKAROUND

If your JDBC application requires protocol encryption in SQL Server 2000, you must use another method of encryption, such as Internet Protocol security (IPSec), or use a suitable SSL-enabled Type 3 JDBC driver.
Back to the top

STATUS

Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section. This problem was first corrected in SQL Server 2000 Service Pack 4.
Back to the top

MORE INFORMATION

For more information, click the following article numbers to view the articles in the Microsoft Knowledge Base:
824684  (http://support.microsoft.com/kb/824684/ ) Description of the standard terminology that is used to describe Microsoft software updates
276553  (http://support.microsoft.com/kb/276553/ ) How to enable SSL encryption for SQL Server 2000 with Certificate Server
257591  (http://support.microsoft.com/kb/257591/ ) Description of the Secure Sockets Layer (SSL) handshake
316898  (http://support.microsoft.com/kb/316898/ ) How to enable SSL encryption for an instance of SQL Server by using Microsoft Management Console
324777   (http://support.microsoft.com/kb/324777/ ) Support WebCast: Microsoft SQL Server 2000: How to configure SSL encryption
318605  (http://support.microsoft.com/kb/318605/ ) How SQL Server uses a certificate when the Force Protocol Encryption option is turned on
Back to the top
APPLIES TO
  • Microsoft SQL Server 2000 Developer Edition
  • Microsoft SQL Server 2000 Standard Edition
  • Microsoft SQL Server 2000 Enterprise Edition
  • Microsoft SQL Server 2000 Personal Edition
  • Microsoft SQL Server 2000, Workgroup Edition
  • Microsoft SQL Server 2000 Desktop Engine (Windows)
  • Microsoft SQL Server 2000 Enterprise Edition 64-bit
Back to the top
Keywords: 
kbhotfixserver kbqfe kbsqlserv2000presp4fix kbfix kbbug KB826080
Back to the top