Error in connection to SQL Server 2016 data sources

We are testing a upgraded Metabase with the following configurations:

  • Metabase v0.50.34
  • Java (openjdk) v21.0.5 (Same error happens on v17.0.13 and v11.0.25 too)
  • RHEL9

When connecting to a data source of SQL Server 2016, we always get errors like the following message. We only have SQL Server 2016 in our scope, so not sure what the result will be for the other versions of SQL Server. Also, we tried different combinations of encrypt and trustServerCertificate values, but the error always happens.

The last good point without the above error was the following configuration:

  • Metabase v1.50.0 (so we believe v0.50.x works fine as well)
  • Java (openjdk) v11.0.23
  • RHEL7

We will highly appreciate any hints and suggestions.

Details

Error Message:

"encrypt" property is set to "false" and "trustServerCertificate" property is set to "false" but the driver could not establish a secure connection to SQL Server by using Secure Sockets Layer (SSL) encryption: Error: Certificates do not conform to algorithm constraints. ClientConnectionId:6bf62750-d5c4-49c5-8ada-4253d8b55055

Partial Screenshot of the Admin Settings > Databases:

image

A little more information:

We suspect the root cause is related to the version of Red Hat Enterprise Linux, because the same configuration of Java and metabase.jar works in RHEL7 but not in RHEL9.

Furthermore, we simplified the test by using:

  • Java openjdk v11.0.23
  • metabase.jar v0.32.5

We start the application by calling command java -jar metabase.jar, so it starts a fresh demonstration instance of Metabase running on local H2 for application database.

Later, we try to add a data source of SQL Server 2016 configured with encryption not required.

Running on RHEL7, the above test succeeded. However, running on RHEL9, it failed with the following log events:

12-19 14:58:09 DEBUG middleware.log :: GET /api/setup/admin_checklist 200 14 ms (10 DB calls) Jetty threads: 8/50 (3 busy, 5 idle, 0 queued) (48 total active threads)
12-19 14:58:44 INFO metabase.driver :: Initializing driver :sqlserver...
12-19 14:58:44 DEBUG plugins.classloader :: Setting current thread context classloader to shared classloader clojure.lang.DynamicClassLoader@1dc9fc0...
12-19 14:58:44 INFO plugins.classloader :: Added URL file:/data/metabase-test/v0.32.5/plugins/sqlserver.metabase-driver.jar to classpath
12-19 14:58:44 DEBUG plugins.init-steps :: Loading plugin namespace metabase.driver.sqlserver...
12-19 14:58:44 INFO metabase.driver :: Registered driver :sqlserver (parents: :sql-jdbc) 🚚
12-19 14:58:44 DEBUG plugins.jdbc-proxy :: Registering JDBC proxy driver for class com.microsoft.sqlserver.jdbc.SQLServerDriver...
Load lazy loading driver :sqlserver took 173 ms
12-19 14:58:44 DEBUG middleware.log :: POST /api/database 400 314 ms (0 DB calls) Jetty threads: 8/50 (3 busy, 4 idle, 0 queued) (45 total active threads)
{:valid false,
 :dbname
 "com.microsoft.sqlserver.jdbc.SQLServerException: The driver could not establish a secure connection to SQL Server by using Secure Sockets Layer (SSL) encryption. Error: \"Certificates do not conform to algorithm constraints\". ClientConnectionId:ca179b99-b3b3-4351-a0de-736b7dc8e765",
 :message
 "com.microsoft.sqlserver.jdbc.SQLServerException: The driver could not establish a secure connection to SQL Server by using Secure Sockets Layer (SSL) encryption. Error: \"Certificates do not conform to algorithm constraints\". ClientConnectionId:ca179b99-b3b3-4351-a0de-736b7dc8e765"}

12-19 14:58:44 DEBUG middleware.log :: GET /api/database 200 5 ms (3 DB calls) Jetty threads: 8/50 (3 busy, 4 idle, 0 queued) (45 total active threads)
12-19 15:00:00 INFO task.send-pulses :: Sending scheduled pulses...