Extraction giving error message about TLS Version

[smoghul]

Hello,
We use the Stitch to replicate our SQL Server data and it seems that we are now getting the following errors when running extraction:

INFO Exit status is: Discovery failed with code 1 and error message: "The driver could not establish a secure connection to SQL Server by using Secure Sockets Layer (SSL) encryption. Error: "The server selected protocol version TLS10 is not accepted by client preferences [TLS12]"

Has anyone else encountered this or know what the solution is to get our extraction up and running again?
I see knew code was pushed two days ago when our issue first popped up. Any insight @leslievandemark on if this is related?

[dmosorast]

This seems like a result of the release of tap version 1.6.9 paired with the recent deprecation of TLS1.0 and 1.1 by the IETF in RFC-8996. During the build, all of the latest packages are upgraded for security updates, which likely caused either the OS or JDBC driver to include a security patch removing TLS1.0 support.

The solution (and best practice) would be to configure the database server to use TLS1.2. I'm not sure exactly how to do that, but I would expect it to depend on your specific SQL Server version and deployment details.

[yytsui]

I figured out a work-around:

1. Follow this instruction, specifically How do I re-enable TLS1.0 and TLS1.1 in JDK distributions (option 1).
2. Set jvm option java.security.properties in project.clj, for example, this patch works in Java 8/Ubuntu 20.04.

However, for security concern, updating SQL server should be the way to go in case you can do that.