Thank for the helpful post.  I ended up using jtds v1.2.7 for a MSSQL Flexconnector to a MSSQL 2008 R2 database that required windows authentication and TLS encryption.  A couple things to add:

- For databases requiring encryption, you must add the public certificate from the database server to the NSSDB (via the container certificates wizard), then add ;ssl=request or ;ssl=require to the connection string

- The container would not start up with versions beyond 1.2.7, I'm not sure if there is a way to bypass this

- The BEAST fix in Java causes problems connecting with the JTDS driver on databases requiring encryption (see: jTDS not connecting with SQL Server 2008 R2 SP2... | Oracle Community), this check can be turned off by adding the following to the agent.wrapper.conf file:

wrapper.java.additional.7=-Djsse.enableCBCProtection=false

From my understanding, BEAST is a server side fix.  So assuming that the DBAs have disabled TLS v1.0, the connection should use a non-vulnerable protocol TLS 1.1/1.2.  I'm not positive on this and haven't confirmed so you may want to do your own research.

Thanks for documenting this for posterity! Hopefully it does not get lost as did my (much quicker) notes in some forum post some years ago...

Joachim

Oh, another typo on page 5:

The class is "net.sourceforge.jtds.jdbc.Driver" not "net.sourceforce.jtds.jdbc.Driver"

Typo on page 7:

The jdbc url connection string must start with "jdbc", not "Jdbc".