This article has been archived. It is offered "as is" and will no longer be updated.
Bug #: 470049 (SHILOH_BUGS)
In Microsoft SQL Server 2000, you can enable protocol encryption for all clients or for individual clients. The Force Protocol Encryption Server Network Utility option forces all incoming connections to be encrypted.
To implement protocol encryption, the driver must access the Secure Sockets Layer (SSL) protocol. Specifically, protocol encryption uses SSL application programming interfaces (APIs) that are implemented in Microsoft Windows NT. However, a problem occurs with Type 4 JDBC drivers because they are not permitted to directly call system DLLs. There is no library in Java 1.4 or earlier that emulates the protocol encryption behavior of SSL from Windows NT. If you do not apply this fix or SQL Server 2000 Service Pack 4 (SP4), SQL Server silently accepts connections from JDBC. This gives the false impression that the connections are actually encrypted. If the Force Protocol encryption option is turned on on the server side after you apply the fix, JDBC clients trying to connect to SQL server will not connect. This problem occurs because the current versions of JDBC drivers from Microsoft do not support SSL connections.
Service pack information
To resolve this problem, obtain the latest service pack for SQL Server 2000. For more information, click the following article number to view the article in the Microsoft Knowledge Base:
290211 How to obtain the latest SQL Server 2000 service pack
The English version of this hotfix has the file attributes (or later file attributes) that are listed in the following table. The dates and times for these files are listed in Coordinated Universal Time (UTC). When you view the file information, it is converted to local time. To find the difference between UTC and local time, use the Time Zone tab in the Date and Time item in Control Panel.
Note Because of file dependencies, the most recent hotfix or feature that contains these files may also contain additional files.
The following JDBC drivers do not support the SSL connection:
SQL Server 2000 JDBC Driver
SQL Server 2005 JDBC Driver 1.0
SQL Server 2005 JDBC Driver 1.1
After you apply this hotfix, you must use third-party JDBC drivers to connect to the instance of SQL Server 2000 if the following conditions are true.
Note The third-party JDBD drivers that you use must support the SSL connection.
The instance of SQL Server requires encrypted connections.
You enabled the Force Protocol Encryption option in the instance.
You use one of the JDBC drivers in the previous list.
If your JDBC application requires protocol encryption in SQL Server 2000, you must use another method of encryption, such as Internet Protocol security (IPSec), or use a suitable SSL-enabled Type 3 JDBC driver.
Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section. This problem was first corrected in SQL Server 2000 Service Pack 4.
For more information, click the following article numbers to view the articles in the Microsoft Knowledge Base:
824684 Description of the standard terminology that is used to describe Microsoft software updates
276553 How to enable SSL encryption for SQL Server 2000 with Certificate Server
257591 Description of the Secure Sockets Layer (SSL) handshake
316898 How to enable SSL encryption for an instance of SQL Server by using Microsoft Management Console
324777 Support WebCast: Microsoft SQL Server 2000: How to configure SSL encryption
318605 How SQL Server uses a certificate when the Force Protocol Encryption option is turned on
Microsoft SQL Server 2000 Developer Edition, Microsoft SQL Server 2000 Standard Edition, Microsoft SQL Server 2000 Enterprise Edition, Microsoft SQL Server 2000 Personal Edition, Microsoft SQL Server 2000, Workgroup Edition, Microsoft SQL Server 2000 Desktop Engine (Windows), Microsoft SQL Server 2000 Enterprise Edition 64-bit