Thank for the helpful post. I ended up using jtds v1.2.7 for a MSSQL Flexconnector to a MSSQL 2008 R2 database that required windows authentication and TLS encryption. A couple things to add:
- For databases requiring encryption, you must add the public certificate from the database server to the NSSDB (via the container certificates wizard), then add ;ssl=request or ;ssl=require to the connection string
- The container would not start up with versions beyond 1.2.7, I'm not sure if there is a way to bypass this
- The BEAST fix in Java causes problems connecting with the JTDS driver on databases requiring encryption (see: jTDS not connecting with SQL Server 2008 R2 SP2... | Oracle Community), this check can be turned off by adding the following to the agent.wrapper.conf file:
From my understanding, BEAST is a server side fix. So assuming that the DBAs have disabled TLS v1.0, the connection should use a non-vulnerable protocol TLS 1.1/1.2. I'm not positive on this and haven't confirmed so you may want to do your own research.