2

I'm creating a container, which has an .net core application, based on the official microsoft image.

I'm getting the following error when the application try to connect to SQL server, it only happens inside the container: A connection was successfully established with the server, but then an error occurred during the pre-login handshake. (provider: SSL Provider, error: 31 - Encryption(ssl/tls) handshake failed)

My application uses the following packages for communcicate with sqlserver:

  • System.Data.SqlClient 4.8.2
  • Dapper 2.0.78

My connectionstring looks like this:

Data Source=xxx.xxx.xxx.xxx;Initial Catalog=XXXXXXXX;User ID=XXXXX;Password=XXXX;MultipleActiveResultSets=True;Connect Timeout=60;TrustServerCertificate=true

My docker Version isthe latest avaliable at the time: "Docker version 20.10.2, build 2291f61" is running on windows and this is how i'm creating the docher image:

FROM mcr.microsoft.com/dotnet/sdk:3.1 AS build-env
WORKDIR /prj

COPY . .
RUN dotnet publish myapp.csproj -o /app 

FROM mcr.microsoft.com/dotnet/aspnet:3.1
WORKDIR /app

RUN update-ca-certificates --fresh

COPY --from=build-env /app .
ENTRYPOINT ["dotnet", "myapp.dll"]

I've been googling for some time now, and I didn't found a solution that works for me, can some one help?

Improve this question
3
  • Why are you using System.Data.SqlClient 4.8.2 in a .NET Core application? You probably mean to be using Microsoft.Data.SqlClient instead with Dapper 2.x. Commented Feb 5, 2021 at 14:45
  • Thanks for your feedback @AlwaysLearning, yes but after changing the package, the problem remains Commented Feb 8, 2021 at 10:11
  • With Net5 I have the same error I found this bug that seems quite related github.com/dotnet/SqlClient/issues/633 Commented Jun 4, 2021 at 20:30

3 Answers 3

Reset to default
2

This error typically occurs in client environments like docker image containers, Unix clients, or Windows clients where TLS 1.2 is the minimum supported TLS protocol.

Configure TLS/SSL settings in the docker image/client environment to connect with TLS 1.0.

MinProtocol = TLSv1 
CipherString = DEFAULT@SECLEVEL=1
Improve this answer
Sign up to request clarification or add additional context in comments.

1 Comment

Anyway, same question, do we need to run sed -i 's/TLSv1.2/TLSv1/g' /etc/ssl/openssl.cnf or we can use the ENV?
1

I was seeing a very similar error:

Error: A connection was successfully established with the server, but then an error occurred during the pre-login handshake. (provider: TCP Provider, error: 35 - An internal exception was caught)

I had to add Encrypt=false; item to the connection string. I am also using the IP Address from docker settings.

After that, it worked perfectly.

"Server=232.13.1.2;Initial Catalog=FakeDbName;User ID=sa;Password=This1sAFak3P@ass;Encrypt=False;"
Improve this answer

Comments

1

run below command in Dockerfile with official dotnet image (base Debian ). it change the MinProtocol to 1.2 to support sqlserver like 2012.

RUN sed -i 's/DEFAULT@SECLEVEL=2/DEFAULT@SECLEVEL=1/g' /etc/ssl/openssl.cnf
RUN sed -i 's/MinProtocol = TLSv1.2/MinProtocol = TLSv1/g' /etc/ssl/openssl.cnf
RUN sed -i 's/DEFAULT@SECLEVEL=2/DEFAULT@SECLEVEL=1/g' /usr/lib/ssl/openssl.cnf
RUN sed -i 's/MinProtocol = TLSv1.2/MinProtocol = TLSv1/g' /usr/lib/ssl/openssl.cnf
Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.