#754 JTDS Driver hangs with Latest 1.7 JRE (Oracle 1.7 update 79, IBM 7 SR 9)

[JerryPan]

The 1.3.1 release and main lines both fails to connect to SQL Server when ssl=require is specified, for the latest 1.7 JREs (Oracle Java 1.7.0 update 79, IBM Java 7 SR9). The symptom is identical to reported in Bug # 690 and is similar to Bug # 725. There could be some new changes in the latest JRES brought the bug back? Here is the last out put lines (with -Djavax.net.debug=all) on a simple JDBC connection program, ssl=require, to a 2008 R2 SQL Server (with latest patches), the full output is attached:

Padded plaintext before ENCRYPTION: len = 336
0000: 01 01 38 00 00 01 00 53 00 45 00 4C 00 45 00 43 ..8....S.E.L.E.C
0010: 00 54 00 20 00 40 00 40 00 4D 00 41 00 58 00 5F .T. .@.@.M.A.X.
0020: 00 50 00 52 00 45 00 43 00 49 00 53 00 49 00 4F .P.R.E.C.I.S.I.O
0030: 00 4E 00 0D 00 0A 00 53 00 45 00 54 00 20 00 54 .N.....S.E.T. .T
0040: 00 52 00 41 00 4E 00 53 00 41 00 43 00 54 00 49 .R.A.N.S.A.C.T.I
0050: 00 4F 00 4E 00 20 00 49 00 53 00 4F 00 4C 00 41 .O.N. .I.S.O.L.A
0060: 00 54 00 49 00 4F 00 4E 00 20 00 4C 00 45 00 56 .T.I.O.N. .L.E.V
0070: 00 45 00 4C 00 20 00 52 00 45 00 41 00 44 00 20 .E.L. .R.E.A.D.
0080: 00 43 00 4F 00 4D 00 4D 00 49 00 54 00 54 00 45 .C.O.M.M.I.T.T.E
0090: 00 44 00 0D 00 0A 00 53 00 45 00 54 00 20 00 49 .D.....S.E.T. .I
00A0: 00 4D 00 50 00 4C 00 49 00 43 00 49 00 54 00 5F .M.P.L.I.C.I.T.
00B0: 00 54 00 52 00 41 00 4E 00 53 00 41 00 43 00 54 .T.R.A.N.S.A.C.T
00C0: 00 49 00 4F 00 4E 00 53 00 20 00 4F 00 46 00 46 .I.O.N.S. .O.F.F
00D0: 00 0D 00 0A 00 53 00 45 00 54 00 20 00 51 00 55 .....S.E.T. .Q.U
00E0: 00 4F 00 54 00 45 00 44 00 5F 00 49 00 44 00 45 .O.T.E.D..I.D.E
00F0: 00 4E 00 54 00 49 00 46 00 49 00 45 00 52 00 20 .N.T.I.F.I.E.R.
0100: 00 4F 00 4E 00 0D 00 0A 00 53 00 45 00 54 00 20 .O.N.....S.E.T.
0110: 00 54 00 45 00 58 00 54 00 53 00 49 00 5A 00 45 .T.E.X.T.S.I.Z.E
0120: 00 20 00 32 00 31 00 34 00 37 00 34 00 38 00 33 . .2.1.4.7.4.8.3
0130: 00 36 00 34 00 37 00 09 04 F2 EF 6E 1C 98 05 39 .6.4.7.....n...9
0140: 3F A8 46 61 9F 37 0E C1 B6 94 DF 04 04 04 04 04 ?.Fa.7..........
main, WRITE: TLSv1 Application Data, length = 336
[Raw write]: length = 341
0000: 17 03 01 01 50 6B 2A 51 41 1D C2 CE B3 46 00 55 ....Pk*QA....F.U
0010: 94 D5 0F B5 5C 41 79 DC 27 44 95 A3 69 D6 94 BA ....\Ay.'D..i...
0020: 98 6F 33 43 56 FD 13 18 44 B7 A2 9D A4 82 45 91 .o3CV...D.....E.
0030: 49 1E A9 FD FC FB 93 2D 69 39 C7 B3 7F 20 C9 D5 I......-i9... ..
0040: BA 0D 3E FD 3D F2 49 12 3C BE 2E 56 FE A4 00 75 ..>.=.I.<..V...u
0050: 9C DD 05 4C B3 43 5A 48 DB AB EC F8 43 DD 2F 49 ...L.CZH....C./I
0060: E5 42 02 50 13 D1 31 98 F3 17 78 23 3A EB E4 F2 .B.P..1...x#:...
0070: 7B FE 62 8B A5 95 9A AA 69 AA 0E 02 3F E2 B3 36 ..b.....i...?..6
0080: 9C 97 80 1C DC 70 38 0D BA 2E FE 83 BA AB 70 B0 .....p8.......p.
0090: 31 03 A2 48 A7 E0 A9 92 93 09 B9 FA BA 31 F5 AF 1..H.........1..
00A0: 84 3F A7 2E 89 48 A6 6E D2 2C EA AD 09 8C 0C 2F .?...H.n.,...../
00B0: A5 5D FA 4C 5F F7 EF 1D A4 BE 97 4A 96 AE 59 D4 .].L......J..Y.
00C0: 70 07 11 46 1F 48 68 C4 01 44 73 66 E5 47 EB 5F p..F.Hh..Dsf.G._
00D0: F3 F9 AC D4 A5 9F CD 13 50 02 26 41 A3 F8 57 D6 ........P.&A..W.
00E0: 47 2E 73 A2 12 50 F3 03 94 5A EC 55 1F 7C 39 D5 G.s..P...Z.U..9.
00F0: B1 98 68 DC CF 18 31 99 94 5A 19 B6 F5 8A 7A 6F ..h...1..Z....zo
0100: A4 68 2F 6D 7C 3B 70 65 C8 C9 0F 76 15 39 C8 B4 .h/m.;pe...v.9..
0110: 80 8A F9 96 7A 9D 10 64 E3 9E 6F 67 6D 67 17 33 ....z..d..ogmg.3
0120: EA E5 49 DA 22 8E E5 E8 9F 73 1C 47 B0 87 49 D5 ..I."....s.G..I.
0130: 48 BE A5 C4 86 C0 EB 52 AE 15 9E DD C6 DA 27 08 H......R......'.
0140: 5A F9 A5 4D 18 E6 18 DE 75 ED 3C 7B 7C 95 E5 E4 Z..M....u.<.....
0150: 4D D5 2C 7E F3 M.,..

This problem can be eliminated with -Djsse.enableCBCProtection=false (but we want that protection).
It would seem that SSL handhasking has passed but later write data encountered problems. Has anyone else seen this problem?

Thanks,
-Jerry

[JerryPan]

I want to add that the same JTDS code works for Java 1.8

[JerryPan]

After apply Mike Noordermeer's patch @https://gist.github.com/MikeN123/15ca4d45c50e7c3dfd57, on the top of the fix in Bug #725, the problem is elminated. Should that patch be rolled in the main line?