Migration to SQL Server fails with "The driver could not establish a secure connection to SQL Server by using Secure Sockets Layer (SSL) encryption"
Platform Notice: Data Center Only - This article only applies to Atlassian products on the Data Center platform.
Note that this KB was created for the Data Center version of the product. Data Center KBs for non-Data-Center-specific features may also work for Server versions of the product, however they have not been tested. Support for Server* products ended on February 15th 2024. If you are running a Server product, you can visit the Atlassian Server end of support announcement to review your migration options.
*Except Fisheye and Crucible
Summary
Problem
Migrating to SQL Server fails and the following appears in the atlassian-bitbucket.log:
Could not get JDBC Connection; nested exception is com.microsoft.sqlserver.jdbc.SQLServerException: The driver could not establish a secure connection to SQL Server by using Secure Sockets Layer (SSL) encryption. Error: "java.lang.RuntimeException: Could not generate DH keypair". ClientConnectionId:59f2b121-128b-4f9c-afc6-31e32105a1e1
org.springframework.jdbc.datasource.DataSourceUtils.getConnection(DataSourceUtils.java:80)
...
The driver could not establish a secure connection to SQL Server by using Secure Sockets Layer (SSL) encryption. Error: "java.lang.RuntimeException: Could not generate DH keypair". ClientConnectionId:59f2b121-128b-4f9c-afc6-31e32105a1e1
...
java.lang.RuntimeException: Could not generate DH keypair
sun.security.ssl.Alerts.getSSLException(Alerts.java:208)
...
Could not generate DH keypair
sun.security.ssl.DHCrypt.<init>(DHCrypt.java:142)
sun.security.ssl.DHCrypt.<init>(DHCrypt.java:114)
sun.security.ssl.ClientHandshaker.serverKeyExchange(ClientHandshaker.java:708)
...
Prime size must be multiple of 64, and can only range from 512 to 2048 (inclusive)
com.sun.crypto.provider.DHKeyPairGenerator.initialize(DHKeyPairGenerator.java:120)
java.security.KeyPairGenerator$Delegate.initialize(KeyPairGenerator.java:674)
sun.security.ssl.DHCrypt.<init>(DHCrypt.java:128)
Diagnosis
Environment
SQL Server is configured with strong encryption that uses a DHE key of more than 2048 bits.
Bitbucket is running on a Java version earlier than 1.8u161 or 1.7u171.
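To check the second condition on the host, the following added example (not Atlassian code; the class name DhSizeCheck and the probed sizes are assumptions chosen for illustration) asks the JVM's Diffie-Hellman key pair generator whether it accepts primes larger than 2048 bits, which is the call that fails in the stack trace above.

```java
import java.security.InvalidParameterException;
import java.security.KeyPairGenerator;
import java.security.NoSuchAlgorithmException;

// Added diagnostic example (hypothetical class name, not Atlassian code).
public class DhSizeCheck {

    // Sample DHE prime sizes to probe; constructed for illustration.
    private static final int[] SIZES = {2048, 3072, 4096};

    // Returns true if this JVM's DH key pair generator accepts the prime size.
    // Affected JVMs throw from initialize(), the same frame seen in the log.
    static boolean supportsDhSize(int bits) throws NoSuchAlgorithmException {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("DiffieHellman");
        try {
            kpg.initialize(bits);
            return true;
        } catch (InvalidParameterException e) {
            System.out.println("  rejected: " + e.getMessage());
            return false;
        }
    }

    public static void main(String[] args) throws NoSuchAlgorithmException {
        // Print which JVM is being tested so it can be compared with the one
        // Bitbucket is actually started with.
        System.out.println("java.version = " + System.getProperty("java.version"));
        System.out.println("java.home    = " + System.getProperty("java.home"));
        boolean allOk = true;
        for (int bits : SIZES) {
            System.out.println("DH " + bits + " bits:");
            boolean ok = supportsDhSize(bits);
            System.out.println("  " + (ok ? "supported" : "NOT supported"));
            allOk &= ok;
        }
        // Non-zero exit code when any probed size is rejected.
        System.exit(allOk ? 0 : 1);
    }
}
```

Compile and run it with the same Java installation that Bitbucket uses (javac DhSizeCheck.java, then java DhSizeCheck); a rejection above 2048 bits means this JVM cannot complete a handshake with a server that offers a larger DHE key.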
Cause
As explained in JDK-8072452, affected Java versions support only DHE key sizes up to 2048 bits.
Solution
Resolution
Upgrade Java to a version in which JDK-8072452 is fixed and configure Bitbucket to use it.
To set that for a Windows service, see: How to update the JVM configuration for a Windows service
Some related troubleshooting instructions can be found in: java: not found during Bitbucket Server startup
Change the encryption to use DHE key sizes of up to 2048 bits.