Connection to SQL Server from .NET Core on Ubuntu fails with SSL/TLS handshake error

Question

I have a .NET Core console application that connects to a SQL Server database. The application works fine on Windows, but I'm encountering an SSL/TLS handshake failure when running it on an Ubuntu 22.04 LTS VM 

class Program
{
    static void Main()
    {
        var connectionString = "Data Source=DB*****;Initial Catalog=efdfdApi;User Id=useridd;Password=*****;Connect Timeout=30;Encrypt=false;TrustServerCertificate=true;Application Intent=ReadWrite;MultiSubnetFailover=false";
        try
        {
            using (var connection = new SqlConnection(connectionString))
            {
                connection.Open();
                Console.WriteLine("Connection successful!");
            }
        }
        catch (Exception ex)
        {
            Console.WriteLine($"Connection failed: {ex.Message}");
        }
    }
}

Issue: When I execute dotnet TestConnection.dll on my Ubuntu VM, I get the following error:

 

Connection failed: A connection was successfully established with the server, but then an error occurred during the pre-login handshake. (provider: SSL Provider, error: 31 - Encryption(ssl/tls) handshake failed)

**I tried these
**
sudo apt-get update
sudo apt-get install -y libssl-dev ca-certificates libkrb5-dev
|sudo apt-get install openssl
sudo apt-get update
sudo apt-get install -y libssl-dev ca-certificates libkrb5-dev
sudo apt-get install ca-certificates

Additional Information:

• I've verified that the connection string is correct and works on Windows.
• I suspect there might be SSL/TLS configuration differences between Windows and Ubuntu that I need to address.
• <PackageReference Include="Microsoft.Data.SqlClient" Version="5.2.1" />

What steps should I take to troubleshoot and resolve this SSL/TLS handshake failure when connecting to SQL Server from .NET Core on Ubuntu?

 

Answer 1

First ensure that you have the following:

sudo apt-get install -y apt-transport-https

You should make sure that you are using Microsoft.Data.SqlClient

dotnet add package Microsoft.Data.SqlClient

Import the public repository GPG keys Register the Microsoft Ubuntu repository curl https://packages.microsoft.com/keys/microsoft.asc | sudo apt-key add -

sudo add-apt-repository "$(wget -qO- https://packages.microsoft.com/config/ubuntu/22.04/prod.list)"

Install SQL Server command-line tools

sudo apt-get update

sudo apt-get install -y mssql-tools unixodbc-dev

I tried this after these were installed and it connected and did great.

Answer 2

Hi,@Ansh.

Analysis basis: SqlClient troubleshooting guide - ADO.NET Provider for SQL Server | Microsoft Learn

Solution: Set a lower SSL security level You could try to find openssl.cnf in Ubuntu (/etc/ssl/openssl.cnf) and modify the configuration file content.

You need to modify the beginning of your configuration file:

openssl_conf = default_conf

Then modify the last part of the configuration file:

[ default_conf ]

ssl_conf = ssl_sect

[ssl_sect]

system_default = system_default_sect

[system_default_sect]
MinProtocol = TLSv1.2
CipherString = DEFAULT:@SECLEVEL=1

For more detailed changes, you can refer to the documentation below. Ubuntu 20.04 - how to set lower SSL security level? - Ask Ubuntu

---

If the answer is the right solution, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".

Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

Answer 3

your sqlserver is using a self signed cert for ssl (default). just add:

TrustServerCertificate=true

to the connect string.

Answer 4

And add

Encrypt=false

to the connection string