Is there an existing issue for this?
- I have searched the existing issues
Description
MSSQL datasource fails with SSL handshake while server does not require encryption
Environment
Appsmith version: v1.97
Deployment: Docker self-hosted
Image: appsmith/appsmith-ce:latest
Host OS: Ubuntu 24.04
SQL Server:
Microsoft SQL Server 2016 SP3-GDR
13.0.6475.1
Windows Server 2012 R2
SQL Server network configuration:
TCP Enabled
Port: 1433
Force Encryption: No
Problem
When testing an MSSQL datasource, Appsmith fails during connection pool initialization with an SSL handshake error.
Error shown in Appsmith UI:
Failed to initialize pool:
The driver could not establish a secure connection to SQL Server
by using Secure Sockets Layer (SSL) encryption.
Container logs
Appsmith container log:
com.microsoft.sqlserver.jdbc.SQLServerException:
The driver could not establish a secure connection to SQL Server
by using Secure Sockets Layer (SSL) encryption.
Caused by: javax.net.ssl.SSLException:
SQL Server did not return a response. The connection has been closed.
at com.microsoft.sqlserver.jdbc.TDSChannel.enableSSL(IOBuffer.java:1906)
at com.microsoft.sqlserver.jdbc.SQLServerConnection.connectHelper(SQLServerConnection.java:3329)
at com.microsoft.sqlserver.jdbc.SQLServerConnection.login(SQLServerConnection.java:2950)
Datasource creation fails at:
HikariPool - Exception during pool initialization
com.external.plugins.MssqlPlugin.createConnectionPool
Network connectivity verification
From the Appsmith host:
nc -zv 192.168.1.100 1433
Connection succeeded
SQL Server configuration
Verified:
Force Encryption = No
TCP enabled
Port = 1433
Connection works from other clients
Connection using DBeaver works with the same parameters:
Host: 192.168.1.100
Port: 1433
Database: database
Authentication: SQL Server authentication
User: user
No SSL settings required.
Appsmith datasource configuration
Host: 192.168.1.100
Port: 1433
Database: database
Username: user
SSL mode: Disabled
Prepared statements: Disabled
Despite SSL being disabled in the UI, logs show the JDBC driver calling:
TDSChannel.enableSSL
which suggests TLS negotiation is still attempted.
Expected behaviour
When SSL mode is Disabled, the MSSQL plugin should create a non-encrypted connection (equivalent to JDBC encrypt=false).
Actual behaviour
The driver attempts TLS handshake anyway and the connection fails.
Additional info
The MSSQL plugin used is:
/opt/appsmith/server/mongo/plugins/mssqlPlugin-v1.97.jar
Question
Is the MSSQL plugin forcing encrypt=true or attempting TLS negotiation even when SSL mode is set to Disabled?
Workaround request
Is there a way to explicitly set JDBC properties such as:
encrypt=false
trustServerCertificate=true
for the MSSQL datasource?
Steps To Reproduce
- Deploy Appsmith v1.97 using Docker.
docker run -d \
--name appsmith \
-p 80:80 \
-p 443:443 \
appsmith/appsmith-ce:latest
- Log in to Appsmith.
- Create a new datasource.
- Select Microsoft SQL Server.
- Configure the datasource with the following parameters:
Host: 192.168.1.100
Port: 1433
Database: database
Username: user
Password: password
SSL Mode: Disabled
Prepared Statements: Disabled
- Click Test connection.
Result
Connection fails and Appsmith logs show:
HikariPool - Exception during pool initialization
com.microsoft.sqlserver.jdbc.SQLServerException:
The driver could not establish a secure connection to SQL Server
by using Secure Sockets Layer (SSL) encryption.
Caused by: javax.net.ssl.SSLException:
SQL Server did not return a response. The connection has been closed.
at com.microsoft.sqlserver.jdbc.TDSChannel.enableSSL
Network verification
The SQL Server is reachable from the Appsmith host:
nc -zv 192.168.1.100 1433
Connection succeeded
Additional verification
Connection with the same parameters works correctly using DBeaver.
Public Sample App
No response
Environment
Production
Severity
Critical (Broken Production apps)
Issue video log
No response
Version
Self Hosted - 1.97
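An added example, not part of the issue and not Appsmith or driver code: in TDS the server states its encryption mode in the PRELOGIN response, and an answer of ENCRYPT_OFF still leads to a TLS handshake that protects the login packet. The sketch below parses that response so the negotiated mode can be read from a packet capture; the function names are hypothetical and the sample bytes are constructed.

```python
import struct

# ENCRYPTION option values defined for the TDS PRELOGIN message (MS-TDS).
ENCRYPTION = {0x00: "ENCRYPT_OFF", 0x01: "ENCRYPT_ON",
              0x02: "ENCRYPT_NOT_SUP", 0x03: "ENCRYPT_REQ"}
TOKEN_VERSION, TOKEN_ENCRYPTION, TERMINATOR = 0x00, 0x01, 0xFF


def parse_prelogin(payload: bytes) -> dict:
    """Parse the option table of a PRELOGIN payload (8-byte TDS header stripped)."""
    options, pos = {}, 0
    while True:
        if pos >= len(payload):
            raise ValueError("option table has no 0xFF terminator")
        token = payload[pos]
        if token == TERMINATOR:
            break
        if pos + 5 > len(payload):
            raise ValueError("truncated option entry")
        # Each entry: token (1 byte), offset (2, big-endian), length (2, big-endian).
        offset, length = struct.unpack_from(">HH", payload, pos + 1)
        if offset + length > len(payload):
            raise ValueError(f"option 0x{token:02x} points outside the payload")
        options[token] = payload[offset:offset + length]
        pos += 5
    return options


def tls_outcome(payload: bytes) -> str:
    """Describe what the server's ENCRYPTION answer means for the connection."""
    data = parse_prelogin(payload).get(TOKEN_ENCRYPTION)
    if not data or data[0] not in ENCRYPTION:
        raise ValueError("missing or unknown ENCRYPTION option")
    mode = ENCRYPTION[data[0]]
    if mode == "ENCRYPT_NOT_SUP":
        return f"{mode}: no TLS handshake, whole session in clear text"
    if mode == "ENCRYPT_OFF":
        return f"{mode}: TLS handshake still runs to protect the login packet"
    return f"{mode}: TLS handshake runs and the whole session is encrypted"


def build_sample(enc: int) -> bytes:
    """Constructed PRELOGIN response payload holding VERSION and ENCRYPTION."""
    table = (struct.pack(">BHH", TOKEN_VERSION, 11, 6)
             + struct.pack(">BHH", TOKEN_ENCRYPTION, 17, 1)
             + bytes([TERMINATOR]))
    version = bytes([13, 0]) + struct.pack(">H", 6475) + b"\x00\x00"
    return table + version + bytes([enc])
```

To use it on real traffic, pass the bytes that follow the 8-byte TDS packet header of the server's PRELOGIN response.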