Share via

Connection to SQL Server from .NET Core on Ubuntu fails with SSL/TLS handshake error

Ansh 30 Reputation points
2024-07-18T15:56:42.1666667+00:00

I have a .NET Core console application that connects to a SQL Server database. The application works fine on Windows, but I'm encountering an SSL/TLS handshake failure when running it on an Ubuntu 22.04 LTS VM 

class Program
{
    static void Main()
    {
        var connectionString = "Data Source=DB*****;Initial Catalog=efdfdApi;User Id=useridd;Password=*****;Connect Timeout=30;Encrypt=false;TrustServerCertificate=true;Application Intent=ReadWrite;MultiSubnetFailover=false";
        try
        {
            using (var connection = new SqlConnection(connectionString))
            {
                connection.Open();
                Console.WriteLine("Connection successful!");
            }
        }
        catch (Exception ex)
        {
            Console.WriteLine($"Connection failed: {ex.Message}");
        }
    }
}

Issue: When I execute dotnet TestConnection.dll on my Ubuntu VM, I get the following error:

 

Connection failed: A connection was successfully established with the server, but then an error occurred during the pre-login handshake. (provider: SSL Provider, error: 31 - Encryption(ssl/tls) handshake failed)

**I tried these
**
sudo apt-get update
sudo apt-get install -y libssl-dev ca-certificates libkrb5-dev
|sudo apt-get install openssl
sudo apt-get update
sudo apt-get install -y libssl-dev ca-certificates libkrb5-dev
sudo apt-get install ca-certificates

Additional Information:

  • I've verified that the connection string is correct and works on Windows.
  • I suspect there might be SSL/TLS configuration differences between Windows and Ubuntu that I need to address.
  • <PackageReference Include="Microsoft.Data.SqlClient" Version="5.2.1" />

What steps should I take to troubleshoot and resolve this SSL/TLS handshake failure when connecting to SQL Server from .NET Core on Ubuntu?

 

Developer technologies | .NET | Other
SQL Server | Other

4 answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. Anonymous
    2024-07-23T07:58:06.43+00:00

    Hi,@Ansh.

    Analysis basis: SqlClient troubleshooting guide - ADO.NET Provider for SQL Server | Microsoft Learn

    Solution: Set a lower SSL security level You could try to find openssl.cnf in Ubuntu (/etc/ssl/openssl.cnf) and modify the configuration file content.

    You need to modify the beginning of your configuration file:

    openssl_conf = default_conf

    Then modify the last part of the configuration file:

    [ default_conf ]

ssl_conf = ssl_sect

[ssl_sect]

system_default = system_default_sect

[system_default_sect]
MinProtocol = TLSv1.2
CipherString = DEFAULT:@SECLEVEL=1

    For more detailed changes, you can refer to the documentation below. Ubuntu 20.04 - how to set lower SSL security level? - Ask Ubuntu

    If the answer is the right solution, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".

    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

    2 people found this answer helpful.
  2. Ben Miller-(DBADuck) 280 Reputation points MVP
    2024-07-18T19:18:06.6666667+00:00

    First ensure that you have the following:

    sudo apt-get install -y apt-transport-https

    You should make sure that you are using Microsoft.Data.SqlClient

    dotnet add package Microsoft.Data.SqlClient

    Import the public repository GPG keys Register the Microsoft Ubuntu repository curl https://packages.microsoft.com/keys/microsoft.asc | sudo apt-key add -

    sudo add-apt-repository "$(wget -qO- https://packages.microsoft.com/config/ubuntu/22.04/prod.list)"

    Install SQL Server command-line tools

    sudo apt-get update

    sudo apt-get install -y mssql-tools unixodbc-dev

    I tried this after these were installed and it connected and did great.

    1 person found this answer helpful.
  3. Olaf Helper 47,616 Reputation points
    2024-07-18T17:35:34.39+00:00

    And add

    Encrypt=false

    to the connection string

  4. Bruce (SqlWork.com) 83,821 Reputation points
    2024-07-18T17:17:28.3033333+00:00

    your sqlserver is using a self signed cert for ssl (default). just add:

    TrustServerCertificate=true

    to the connect string.

Your answer

Answers can be marked as 'Accepted' by the question author and 'Recommended' by moderators, which helps users know the answer solved the author's problem.