
My specs: PC with MS SQL Server 2008 (SP4) - 10.0.6535.0; PC on Linux (Debian GNU/Linux) with my ASP.NET Core 5.0 application (for SQL - System.Data.SqlClient). I can't make a successful SQL request to the remote SQL server.

Logger:

```
[2022-08-24 13:41:55.3955] [ERROR] [GPNA.MyApplication.Infrastructure.Modules.DataLoaderModule] System.AggregateException: One or more errors occurred. (A connection was successfully established with the server, but then an error occurred during the pre-login handshake. (provider: TCP Provider, error: 35 - An internal exception was caught))
 ---> System.Data.SqlClient.SqlException (0x80131904): A connection was successfully established with the server, but then an error occurred during the pre-login handshake. (provider: TCP Provider, error: 35 - An internal exception was caught)
 ---> System.Security.Authentication.AuthenticationException: Authentication failed, see inner exception.
 ---> Interop+OpenSsl+SslException: SSL Handshake failed with OpenSSL error - SSL_ERROR_SSL.
 ---> Interop+Crypto+OpenSslCryptographicException: error:1425F102:SSL routines:ssl_choose_client_version:unsupported protocol
   --- End of inner exception stack trace ---
```

What is wrong with SSL? I switched off SSL in Visual Studio, tried different variations of the SqlConnectionString, and played with the Linux config openssl.cnf. Is the problem caused by my app, Linux or SQL Server?

SqlConnectionString like:

```
Data Source=10.20.17.76;Initial Catalog=Runtime; User ID=sa; Password=******; Connect Timeout=300; TrustServerCertificate=True; Encrypt = False
```

Thanks!

Update: I tried to launch my app on a remote PC with Windows Server 2008, which is connected to the PC with MS SQL Server, and it works! On Linux it doesn't. So, the problem is not in the MS SQL Server.

  • SQL Server 2008 went out of support *several* years ago. Besides, if the *server* requires authentication, it doesn't matter that `Encrypt=False`, the *client* will be forced to connect with encryption or fail. By modifying `openssl.cnf` you *increased* the problems instead of fixing anything – Panagiotis Kanavos Aug 24 '22 at 10:28
  • As for the actual error, `ssl_choose_client_version:unsupported protocol`, it means that since the 14-year old SQL Server 2008 is unsupported for years, it doesn't support recent TLS versions like TLS1.2 [unless it's patched](https://support.microsoft.com/en-us/topic/kb3135244-tls-1-2-support-for-microsoft-sql-server-e4472ef8-90a9-13c1-e4d8-44aad198cdbe). – Panagiotis Kanavos Aug 24 '22 at 10:32
  • Ok, thanks! I'm not sure that I can patch SQL Server. But I can configure Linux or the .NET application. – Роман Кириллов Aug 24 '22 at 10:39
  • If the *server* requires encryption, the *client* can't disable it. While you can re-enable obsolete versions in OpenSSL, that will prevent you from connecting to *supported* SQL Server versions that require newer versions. That includes Azure SQL or AWS RDS – Panagiotis Kanavos Aug 24 '22 at 10:57
  • Your edit proves the exact opposite of what you just claimed. The old and unsupported Windows Server 2008 uses the same TLS versions as the old and unsupported SQL Server 2008, that's why you can connect. You won't be able to connect from any *supported* Windows version. Which, at this time, is Windows 10 and later, [Windows Server 2016 and later](https://learn.microsoft.com/en-us/windows-server/get-started/windows-server-release-info). – Panagiotis Kanavos Aug 25 '22 at 08:14

1 Answer

My mistake: I should have written "TLSv1", but I wrote "TLSv1.0"; the distribution is based on Debian.

openssl.cnf:

```
[system_default_sect]
MinProtocol = TLSv1
CipherString = DEFAULT@SECLEVEL=1
```
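
An added example, not part of the original answer: a small audit of the `[system_default_sect]` values that catches the `TLSv1.0` spelling described above and reports when the host-wide minimum protocol or security level sits below a chosen baseline. The function names and the `TLSv1.2` / `SECLEVEL=2` baseline are assumptions, and the sample configs are constructed.

```python
import re

# SSL/TLS names OpenSSL accepts for MinProtocol (DTLS names and "None" omitted here).
VALID_PROTOCOLS = ["SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3"]
BASELINE = "TLSv1.2"    # assumption: the floor expected on a non-legacy host
BASELINE_SECLEVEL = 2   # assumption: the security level expected on such a host

def parse_sections(text):
    """Minimal openssl.cnf reader: {section: {key: value}}, '#' comments stripped."""
    sections, current = {}, "default"
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        m = re.fullmatch(r"\[\s*(\S+)\s*\]", line)
        if m:
            current = m.group(1)
        elif "=" in line:
            key, value = (p.strip() for p in line.split("=", 1))
            sections.setdefault(current, {})[key] = value
    return sections

def audit(text, section="system_default_sect"):
    """Return a list of findings for the TLS defaults section."""
    cfg = parse_sections(text).get(section, {})
    findings = []
    proto = cfg.get("MinProtocol")
    if proto is not None:
        if proto not in VALID_PROTOCOLS:
            findings.append(f"MinProtocol '{proto}' is not a recognised TLS protocol name")
        elif VALID_PROTOCOLS.index(proto) < VALID_PROTOCOLS.index(BASELINE):
            findings.append(f"MinProtocol {proto} is below {BASELINE}")
    m = re.search(r"@SECLEVEL=(\d+)", cfg.get("CipherString", ""))
    if m and int(m.group(1)) < BASELINE_SECLEVEL:
        findings.append(f"SECLEVEL={m.group(1)} is below {BASELINE_SECLEVEL}")
    return findings

# Constructed samples: the mistyped value from the answer, and the corrected one.
MISTYPED = "[system_default_sect]\nMinProtocol = TLSv1.0\nCipherString = DEFAULT@SECLEVEL=1\n"
CORRECTED = "[system_default_sect]\nMinProtocol = TLSv1\nCipherString = DEFAULT@SECLEVEL=1\n"

if __name__ == "__main__":
    for name, sample in (("mistyped", MISTYPED), ("corrected", CORRECTED)):
        print(name, audit(sample))
```

To check a real host, pass the contents of its `openssl.cnf` to `audit()`; an empty list means the section meets the chosen baseline.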