com.microsoft.sqlserver.jdbc.SQLServerException:The driver could not establish a secure connection to SQL Server by using SSL encr. Error: "Unexpected rethrowing"

Michael_Galli
Databricks Partner

Hi all,

there is a random error when pushing data from Databricks to an Azure SQL Database.

Anyone else also had this problem? Any ideas are appreciated.

See stacktrace attached.

Target: Azure SQL Database, Standard S6: 400 DTUs

Databricks Cluster config:

"spark_version": "9.1.x-scala2.12",
  "spark_conf": {
    "spark.driver.extraJavaOptions": "-Dlog4j2.formatMsgNoLookups=true",
    "spark.sql.session.timeZone": "UTC",
    "spark.driver.maxResultSize": "6g",
    "spark.executor.extraJavaOptions": "-Dlog4j2.formatMsgNoLookups=true",
    "spark.databricks.io.cache.enabled": "true"
  },
  "node_type_id": "Standard_E4ds_v4",
  "driver_node_type_id": "Standard_E8ds_v4",

User16741082858
Databricks Employee

This is related to cipher algorithm config occasionally failing during the handshake. As an immediate workaround I'd recommend trying to update to the latest JDBC driver, which has a newer JRE which has some TLS cipher suite config updates which might mitigate the issue (cf. https://java.com/en/configure_crypto.html#TLSCipherSuiteOrder), and also set the TLS version explicitly to 1.1 in the connection string.

Here is the latest version - https://github.com/microsoft/mssql-jdbc/releases/tag/v10.2.0


Thx Pearl.. we already use mssql-jdbc 10.2.0 (from Maven library com.microsoft.azure:spark-mssql-connector_2.12:1.2.0)

Michael_Galli
Databricks Partner

@Pearl Ubaru

TLS 1.1 is already deprecated.

Are there any concerns from your side to set TLS 1.2 in the connection string?

Hi @Michael Galli. No, there should be no concerns. What DBR version are you using?

@Pearl Ubaru DBR 9.1 LTS, because we are using com.microsoft.azure:spark-mssql-connector_2.12:1.2.0

Yes, then you are fine. The DBR must be 8.4+ for TLS 1.2.
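
Added example (not code from any poster in this thread): a Python helper, of the kind one could run in a notebook before passing the URL to the Spark connector, that audits the TLS-related properties of a SQL Server JDBC URL and pins `sslProtocol=TLSv1.2` as discussed above. The server name, database name and function names are constructed; `encrypt`, `trustServerCertificate` and `sslProtocol` are mssql-jdbc connection properties, and the parser assumes property values contain no `;` or brace escaping.

```python
# Added example: audit and pin TLS settings in a SQL Server JDBC URL.
# Assumption: property values contain no ';' or '{...}' escaping.
PREFIX = "jdbc:sqlserver://"
# "TLS" leaves the version to JVM negotiation; the older versions are deprecated.
UNPINNED_OR_OLD = {"TLS", "TLSV1", "TLSV1.1"}
TLS_KEYS = {"encrypt", "trustservercertificate", "sslprotocol"}

# Constructed sample (hypothetical server and database names).
SAMPLE_URL = (PREFIX + "example-server.database.windows.net:1433;"
              "database=exampledb;encrypt=true;trustServerCertificate=false;"
              "sslProtocol=TLSv1.1;loginTimeout=30;")

def parse_jdbc_url(url):
    """Return (server, {property: value}) for a jdbc:sqlserver:// URL."""
    if not url.startswith(PREFIX):
        raise ValueError("not a SQL Server JDBC URL")
    server, _, rest = url[len(PREFIX):].partition(";")
    props = {}
    for part in filter(None, rest.split(";")):
        key, sep, value = part.partition("=")
        if not sep:
            raise ValueError(f"malformed property: {part!r}")
        props[key.strip()] = value.strip()
    return server, props

def audit_tls(url):
    """List TLS-related weaknesses found in the URL's properties."""
    _, props = parse_jdbc_url(url)
    low = {k.lower(): v.lower() for k, v in props.items()}  # compare case-insensitively
    findings = []
    if low.get("encrypt") != "true":
        findings.append("encrypt is not explicitly true")
    if low.get("trustservercertificate") == "true":
        findings.append("trustServerCertificate=true skips certificate validation")
    proto = low.get("sslprotocol", "tls")
    if proto.upper() in UNPINNED_OR_OLD:
        findings.append(f"sslProtocol={proto} is not pinned to TLSv1.2")
    return findings

def pin_tls12(url):
    """Rewrite the URL with encryption on, validation on, TLS 1.2 pinned."""
    server, props = parse_jdbc_url(url)
    kept = {k: v for k, v in props.items() if k.lower() not in TLS_KEYS}
    kept.update(encrypt="true", trustServerCertificate="false", sslProtocol="TLSv1.2")
    return PREFIX + server + ";" + "".join(f"{k}={v};" for k, v in kept.items())

if __name__ == "__main__":
    print(audit_tls(SAMPLE_URL))
    print(pin_tls12(SAMPLE_URL))
```

Credentials are deliberately kept out of the URL here; pass them through the connector's separate user and password options so they do not end up in logged connection strings.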