Leonardo

Reputation: 11389

.NET 5 + Microsoft.Data.SqlClient - Received an unexpected EOF or 0 bytes from the transport stream

I updated my app from .NET Core 3.1 to .NET 5 and now I can't open a connection to my SQL Server database. The innermost exception error message is

Received an unexpected EOF or 0 bytes from the transport stream.

The top level error message is

A connection was successfully established with the server, but then an error occurred during the pre-login handshake. (provider: SSL Provider, error: 31 - Encryption(ssl/tls) handshake failed)

Other than the version of .NET 5, I only updated the base image, from 3.1-bionic to 5.0.3-focal-amd64.

Is there anything I'm also supposed to do?

EDIT 1:
I found this article that seems closely related to what I'm going by. But after altering my CipherString to the values suggested, I got no change on the error. Same thing. Perhaps there's a CipherString = ANY?

Upvotes: 4

Views: 4163

Answers (1)

AlwaysLearning

Reputation: 8809

NOTE

The Microsoft-recommended action is to improve security by upgrading your SQL Servers to support TLS v1.2.

REFS:


If, however, you are unable to upgrade your SQL Server to support TLS v1.2, you are able to influence the available ciphersuites to effect a downgrade of the client protocols negotiated by editing the /etc/ssl/openssl.cnf file.

Because Alpine containers are bare bones, start by installing your favorite editor, e.g.:

apt-get update
apt-get install nano

Edit your /etc/ssl/openssl.cnf to place the following line at the beginning of the file:

openssl_conf = default_conf

And the following lines at the end of the file:

########## Override default settings to enable TLS v1.0 and 1.1 ##########

[ default_conf ]
ssl_conf = ssl_sect

[ssl_sect]
system_default = system_default_sect

[system_default_sect]
CipherString = DEFAULT:@SECLEVEL=1
#It really should be:
#CipherString = DEFAULT:@SECLEVEL=2

This will affect all openssl-enabled processes in the container. You can test connectivity before and after changes using the commands:

# Test TLS v1.0 connectivity
openssl s_client -host google.com -port 443 -tls1

# Test TLS v1.1 connectivity
openssl s_client -host google.com -port 443 -tls1_1

Upvotes: 6
