Confluence 7.x throws "Can't reach database server or port" error when connecting to Microsoft SQL server

Platform Notice: Data Center Only - This article only applies to Atlassian products on the Data Center platform.

Note that this KB was created for the Data Center version of the product. Data Center KBs for non-Data-Center-specific features may also work for Server versions of the product, however they have not been tested. Support for Server* products ended on February 15th 2024. If you are running a Server product, you can visit the Atlassian Server end of support announcement to review your migration options.

*Except Fisheye and Crucible

Summary

Confluence 7.x displays the following error message to administrators when connecting to a Microsoft SQL database:

(Auto-migrated image: description temporarily unavailable)

OR Confluence fails to start and you see a similar error to the below in the logs after upgrading and starting confluence.

1 2 SQLState - 08S01 com.microsoft.sqlserver.jdbc.SQLServerException: The driver could not establish a secure connection to SQL Server by using Secure Sockets Layer (SSL) encryption. Error: "Server chose TLSv1, but that protocol version is not enabled or not supported by the client."

Environment

  • Confluence 7.1.0 and above

  • Microsoft SQL Server 2014 and older versions

Diagnosis

This message appears when Confluence 7.x attempts to connect the Microsoft SQL server but failed.

1 2 SQLState - 08S01 com.microsoft.sqlserver.jdbc.SQLServerException: The driver could not establish a secure connection to SQL Server by using Secure Sockets Layer (SSL) encryption. Error: "Server chose TLSv1, but that protocol version is not enabled or not supported by the client."

You will see a similar error in the logs as well.

Cause

This is because, since Confluence 7.1.0 we introduced the below JVM arguments as TLSv1 is no longer secure:

1 -Djdk.tls.server.protocols=TLSv1.1,TLSv1.2 -Djdk.tls.client.protocols=TLSv1.1,TLSv1.2

Solution

Workaround

In Windows, Confluence running as a service:

  1. Identify the name of the service that Confluence is installed as in Windows (Go to Control Panel > Administrative Tools > Services)

    We are expecting to see a service name like this Confluence251017164028

  2. Open the command window (Choose Start > cmd.exe)

  3. cd to the bin directory of your Confluence installation folder and run the following command:

    1 tomcat9w.exe //ES//%service_name%

  4. Click on the Java tab to see the list of current start-up options

  5. In the Java Options box, update

    1. from:

      1 2 -Djdk.tls.server.protocols=TLSv1.1,TLSv1.2 -Djdk.tls.client.protocols=TLSv1.1,TLSv1.2

    2. to:

      1 2 -Djdk.tls.server.protocols=TLSv1,TLSv1.1,TLSv1.2 -Djdk.tls.client.protocols=TLSv1,TLSv1.1,TLSv1.2

  6. Restart the service

    For more details, please refer to Configuring System Properties - Windows service

In Linux:

  1. Open the setenv.sh from Confluence installation folder

  2. Edit the following line

    1. From

      1 CATALINA_OPTS="-Djdk.tls.server.protocols=TLSv1.1,TLSv1.2 -Djdk.tls.client.protocols=TLSv1.1,TLSv1.2 ${CATALINA_OPTS}"

    2. To

      1 CATALINA_OPTS="-Djdk.tls.server.protocols=TLSv1,TLSv1.1,TLSv1.2 -Djdk.tls.client.protocols=TLSv1,TLSv1.1,TLSv1.2 ${CATALINA_OPTS}"

  3. Restart Confluence

Permanent fix

Enable TLS 1.2 support, for more details, please refer to TLS 1.2 support for Microsoft SQL Server

Updated on April 2, 2025
Platform
Data Center only
Product
Confluence Data Center
On this pageSummaryDiagnosisCauseSolution

Still need help?

The Atlassian Community is here for you.
Ask the Community