
.NET 5 + Microsoft.Data.SqlClient - Received an unexpected EOF or 0 bytes from the transport stream

I updated my app from .NET Core 3.1 to .NET 5 and now I can't open a connection to my SQL Server database. The innermost exception error message is

Received an unexpected EOF or 0 bytes from the transport stream.

The top level error message is

A connection was successfully established with the server, but then an error occurred during the pre-login handshake. (provider: SSL Provider, error: 31 - Encryption(ssl/tls) handshake failed)

Other than the version of the .NET 5, I only updated the base image, from 3.1-bionic to 5.0.3-focal-amd64.

Is there anything I'm also supposed to do?

EDIT 1:
I found this article that seems closely related to what I'm going by. But after altering my CipherString to the values suggested, I got no change on the error. Same thing. Perhaps there's a CipherString = ANY?

Leonardo asked Oct 30 '25 04:10


1 Answer

NOTE

The Microsoft-recommended action is to improve security by upgrading your SQL Servers to support TLS v1.2

REFS:

  • SqlClient troubleshooting guide
  • How to enable TLS 1.2
  • KB3135244 - TLS 1.2 support for Microsoft SQL Server

If, however, you are unable to upgrade your SQL Server to support TLS v1.2, you are able to influence the available ciphersuites to effect a downgrade of the client protocols negotiated by editing the /etc/ssl/openssl.cnf file.

Because Alpine containers are bare bones, start by installing your favorite editor, e.g.:

apt-get update
apt-get install nano

Edit your /etc/ssl/openssl.cnf to place the following line at the beginning of the file:

openssl_conf = default_conf

And the following lines at the end of the file:

########## Override default settings to enable TLS v1.0 and 1.1 ##########

[ default_conf ]
ssl_conf = ssl_sect

[ssl_sect]
system_default = system_default_sect

[system_default_sect]
CipherString = DEFAULT:@SECLEVEL=1
#It really should be:
#CipherString = DEFAULT:@SECLEVEL=2

This will affect all openssl-enabled processes in the container. You can test connectivity before and after changes using the commands:

# Test TLS v1.0 connectivity
openssl s_client -host google.com -port 443 -tls1

# Test TLS v1.1 connectivity
openssl s_client -host google.com -port 443 -tls1_1

AlwaysLearning answered Oct 31 '25 17:10
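
Because the override above applies to every OpenSSL-enabled process in the container, it is worth checking images for it. The following is an added example (not part of the original answer) that resolves the openssl_conf -> ssl_conf -> system_default chain in an openssl.cnf and reports when the effective CipherString forces @SECLEVEL below 2. The function names and the sample file are constructed for illustration, and the parser assumes plain `key = value` lines without `.include` or variable expansion.

```shell
# cnf_get FILE SECTION KEY: print KEY's last value in [SECTION]
# (SECTION "" is the unnamed section at the top of the file).
cnf_get() {
    awk -v want="$2" -v key="$3" '
        { sub(/#.*/, ""); gsub(/^[ \t]+|[ \t\r]+$/, "") }
        /^\[.*\]$/ { sec = $0; gsub(/^\[[ \t]*|[ \t]*\]$/, "", sec); next }
        sec == want && (eq = index($0, "=")) {
            k = substr($0, 1, eq - 1); v = substr($0, eq + 1)
            gsub(/[ \t]/, "", k); sub(/^[ \t]+/, "", v)
            if (k == key) val = v
        }
        END { if (val != "") print val }
    ' "$1"
}

# effective_cipherstring FILE: follow openssl_conf -> ssl_conf ->
# system_default and print the CipherString applied process-wide.
# openssl_conf only counts in the top section, before any [header].
effective_cipherstring() {
    top=$(cnf_get "$1" "" openssl_conf);        [ -n "$top" ] || return 0
    ssl=$(cnf_get "$1" "$top" ssl_conf);        [ -n "$ssl" ] || return 0
    def=$(cnf_get "$1" "$ssl" system_default);  [ -n "$def" ] || return 0
    cnf_get "$1" "$def" CipherString
}

# audit_openssl_cnf FILE [MIN]: return 1 if FILE forces a security
# level below MIN (default 2), otherwise return 0.
audit_openssl_cnf() {
    cs=$(effective_cipherstring "$1")
    lvl=$(printf '%s\n' "$cs" | sed -n 's/.*@SECLEVEL=\([0-9]\).*/\1/p')
    if [ -n "$lvl" ] && [ "$lvl" -lt "${2:-2}" ]; then
        echo "WEAK: $1 system-wide CipherString = $cs"
        return 1
    fi
    echo "OK: $1 does not lower the security level below ${2:-2}"
}

# Constructed sample: the override from the answer above.
sample=$(mktemp)
cat > "$sample" <<'EOF'
openssl_conf = default_conf
[ default_conf ]
ssl_conf = ssl_sect
[ssl_sect]
system_default = system_default_sect
[system_default_sect]
CipherString = DEFAULT:@SECLEVEL=1
#CipherString = DEFAULT:@SECLEVEL=2
EOF
audit_openssl_cnf "$sample" || echo "exit status 1: fail the image build here"
```

In an image build or CI step, call `audit_openssl_cnf /etc/ssl/openssl.cnf` and treat a non-zero status as a finding.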


