 

c# SslException: SSL Handshake failed with OpenSSL error - SSL_ERROR_SSL

This error occurs on a single endpoint. It is the one that tries to extract data from SqlServer. If I try to run it in IIS, everything works fine. When I run it in a Linux Docker container, it doesn't work anymore. I have the following errors:

OpenSslCryptographicException: error:1425F102:SSL routines:ssl_choose_client_version:unsupported protocol

Unknown location SslException: SSL Handshake failed with OpenSSL error - SSL_ERROR_SSL.

Interop+OpenSsl.DoSslHandshake(SafeSslHandle context, ReadOnlySpan input, out byte[] sendBuf, out int sendCount) AuthenticationException: Authentication failed, see inner exception.

System.Net.Security.SslStream.ForceAuthenticationAsync(TIOAdapter adapter, bool receiveFirst, byte[] reAuthenticationData, bool isApm) SqlException: A connection was successfully established with the server, but then an error occurred during the pre-login handshake. (provider: TCP Provider, error: 35 - An internal exception was caught)

Microsoft.Data.SqlClient.SqlInternalConnection.OnError(SqlException exception, bool breakConnection, Action wrapCloseInAction)

SecurityNegotiationException: Could not establish trust relationship for the SSL/TLS secure channel with authority '....'.

Maddiet97 asked Oct 25 '25 12:10


2 Answers

If absolutely required, you can lower the minimum required TLS version of OpenSSL in your runtime Docker container. Add the following lines somewhere prior to ENTRYPOINT in your Dockerfile:

# fix for SQLServer 2008 R2 - reduce minimum protocol to tls v1.0
RUN sed -i -e "s|^MinProtocol = .*|MinProtocol = TLSv1.0|g" "/etc/ssl/openssl.cnf"

But upgrading SQL Server so it supports the latest TLS versions seems to be a correct solution here.

Evgeniy answered Oct 27 '25 03:10
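A build-time check for the `sed` line in the answer above, as an added example that is not part of the original answer: if `openssl.cnf` has no line starting with `MinProtocol = `, the substitution changes nothing and `sed` still exits 0, and when it does match, the lowered floor should be visible to whoever reviews the image. The function names, exit codes and sample configs are this example's own assumptions.

```shell
#!/bin/sh
# Added example: audit the MinProtocol floor in an OpenSSL config file.

# Print the last uncommented MinProtocol value in FILE (empty if none).
min_protocol_of() {
    sed -n 's/^[[:space:]]*MinProtocol[[:space:]]*=[[:space:]]*\([^[:space:]#]*\).*/\1/p' "$1" | tail -n 1
}

# Map a protocol name to a sortable number; unknown names map to 0.
# "TLSv1.0" is the spelling used in the answer on this page.
proto_rank() {
    case "$1" in
        TLSv1|TLSv1.0) echo 10 ;;
        TLSv1.1)       echo 11 ;;
        TLSv1.2)       echo 12 ;;
        TLSv1.3)       echo 13 ;;
        *)             echo 0 ;;
    esac
}

# Exit codes (this example's convention):
# 0 = floor is TLSv1.2 or higher, 1 = lower or unrecognised, 2 = no MinProtocol line.
check_min_protocol() {
    value=$(min_protocol_of "$1")
    [ -n "$value" ] || return 2
    [ "$(proto_rank "$value")" -ge 12 ] && return 0
    return 1
}

# The substitution from the answer, applied to FILE instead of /etc/ssl/openssl.cnf.
lower_min_protocol() {
    sed -i -e "s|^MinProtocol = .*|MinProtocol = TLSv1.0|g" "$1"
}

demo() {
    dir=$(mktemp -d)
    # Constructed sample configs, not copied from any real image.
    printf '[system_default_sect]\nMinProtocol = TLSv1.2\nCipherString = DEFAULT:@SECLEVEL=2\n' > "$dir/with.cnf"
    printf '[system_default_sect]\nCipherString = DEFAULT:@SECLEVEL=2\n' > "$dir/without.cnf"
    for f in "$dir/with.cnf" "$dir/without.cnf"; do
        lower_min_protocol "$f"
        rc=0; check_min_protocol "$f" || rc=$?
        echo "$(basename "$f"): MinProtocol='$(min_protocol_of "$f")' status=$rc"
    done
    rm -rf "$dir"
}
demo
```

Status 1 on `with.cnf` confirms the floor was lowered; status 2 on `without.cnf` shows the case where the `sed` line matched nothing and the file is unchanged.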


A similar issue occurred to me with MassTransit and RabbitMq when I moved to aspnet:9.0 in my Dockerfile. I solved it this way:

  1. Run at cmd:
openssl s_client -connect host:port

Add your host and port (of SqlServer in your case).

  2. I got information about the protocol there.

  3. Then I added the following code snippet to my C# code:

host.UseSsl(sslCfg =>
{
    // ...
    sslCfg.Protocol = System.Security.Authentication.SslProtocols.Tls12;
    // ...
});

And so... my solution works in a Docker container. Maybe you could do something similar with SqlServer.

Romanov Nikita answered Oct 27 '25 03:10