0

My specs: PC with MS SQL Server 2008 (SP4) - 10.0.6535.0; PC on Linux (Debian GNU/Linux) with my ASP.NET Core 5.0 application (for sql - System.Data.SqlClient). I can't make successful sql request to the remote SQL server.

Logger:

[2022-08-24 13:41:55.3955] [ERROR] [GPNA.MyApplication.Infrastructure.Modules.DataLoaderModule] System.AggregateException: One or more errors occurred. (A connection was successfully established with the server, but then an error occurred during the pre-login handshake. (provider: TCP Provider, error: 35 - An internal exception was caught))
 ---> System.Data.SqlClient.SqlException (0x80131904): A connection was successfully established with the server, but then an error occurred during the pre-login handshake. (provider: TCP Provider, error: 35 - An internal exception was caught)
 ---> System.Security.Authentication.AuthenticationException: Authentication failed, see inner exception.
 ---> Interop+OpenSsl+SslException: SSL Handshake failed with OpenSSL error - SSL_ERROR_SSL.
 ---> Interop+Crypto+OpenSslCryptographicException: error:1425F102:SSL routines:ssl_choose_client_version:unsupported protocol
   --- End of inner exception stack trace ---

What is wrong with SSL? – I switched off SSL in Visual Studio. And tryied different variations in SqlConnectionString, played with linux config openssl.cnf. Is the problem caused by my App, Linux or SQL Server?

SqlConnectionString like:

Data Source=10.20.17.76;Initial Catalog=Runtime; User ID=sa; Password=******; Connect Timeout=300; TrustServerCertificate=True; Encrypt = False

Thanks!

Update: I tried to launch my app on remote PC Windows Server 2008, which is connect to PC with MS SQL Server, and it works! On Linux - don't. So, the problem not in the MS SQL Server.

Improve this question
5
  • 1
    SQL Server 2008 went out of support several years ago. Besides, if the server requires authentication, it doesn't matter that Encrypt=False, the client will be forced to connect with encryption or fail. By modifying openssl.cnf you increased the problems instead of fixing anything Commented Aug 24, 2022 at 10:28
  • 1
    As for the actual error, ssl_choose_client_version:unsupported protocol, it means that since the 14-year old SQL Server 2008 is unsupported for years, it doesn't support recent TLS versions like TLS1.2 unless it's patched. Commented Aug 24, 2022 at 10:32
  • Ok, thanks! I not sure that i can to patch SQL Server. But i can configure Linux or .NET application. Commented Aug 24, 2022 at 10:39
  • If the server requires encryption, the client can't disable it. While you can re-enable obsolete versions in OpenSSL, that will prevent you from connecting to supported SQL Server versions that require newer versions. That includes Azure SQL or AWS RDS Commented Aug 24, 2022 at 10:57
  • 1
    Your edit proves the exact opposite of what you just claimed. The old and unsupported Windows Server 2008 uses the same TLS versions as the old and unsupported SQL Server 2008, that's why you can connect. You won't be able to connect from any supported Windows version. Which, at this time, is Windows 10 and later, Windows Server 2016 and later. Commented Aug 25, 2022 at 8:14

1 Answer 1

Reset to default
2

My mistake: I should have written "TLSv1", but i did "TLSv1.0", distrib based on Debian.

openssl.cnf
[system_default_sect]
MinProtocol = TLSv1
CipherString = DEFAULT@SECLEVEL=1
Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.