[英]SQL Server Pre-Login Handshake (error: 31 - Encryption(ssl/tls) handshake failed)
I have a SQL server version 12.0.6205
and the following code in a.Net Core 3.1 (or 6) Web Api controller: I have a SQL server version
12.0.6205
and the following code in a.Net Core 3.1 (or 6) Web Api controller:
var builder = new SqlConnectionStringBuilder
{
DataSource = DataSource,
UserID = UserID,
Password = Password,
InitialCatalog = InitialCatalog,
ApplicationIntent = ApplicationIntent.ReadWrite,
// Same result if true/true
Encrypt = false,
TrustServerCertificate = false
};
var connection = new SqlConnection(builder.ToString());
using (var cmd = new SqlCommand() { Connection = connection, CommandText = "SELECT TOP 1 * FROM [dbo].[Table]" })
{
connection.Open(); // Breaks here
var reader = cmd.ExecuteReader();
Console.WriteLine(reader.HasRows);
}
Locally this code works without issues but when executing in Azure's App service it breaks when opening the connection with:在本地,此代码可以正常工作,但是在 Azure 的应用服务中执行时,它会在打开连接时中断:
System.Data.SqlClient.SqlException (0x80131904): A connection was successfully established with the server, but then an error occurred during the pre-login handshake. (provider: SSL Provider, error: 31 - Encryption(ssl/tls) handshake failed)
I also have been able to reproduce the error, locally, if creating a docker imaged based on appsvc/dotnetcore
(any tag)如果创建基于
appsvc/dotnetcore
(任何标签)映像的docker,我也能够在本地重现该错误
FROM mcr.microsoft.com/appsvc/dotnetcore:3.1-latest_20220105.1
ENV ASPNETCORE_URLS=http://+:80
EXPOSE 8080
WORKDIR /home/site/wwwroot/
COPY . .
ENTRYPOINT ["dotnet", "Test.dll"]
Found a similar issue in GitHub which is TLS HandShake Failure in SQL Server Pre-Login Handshake with Docker Image.在GitHub中发现了一个类似的问题,即 SQL 服务器登录前握手与 Docker 图像中的 TLS 握手失败。
Also, This error typically occurs in client environments like docker image containers, Unix clients, or Windows clients where TLS 1.2 is the minimum supported TLS protocol.此外,此错误通常发生在客户端环境中,例如 docker 图像容器、Unix 客户端或 Windows 客户端,其中 TLS 1.2 是支持的最低 TLS 协议。
Install the latest updates on supported versions of SQL Server1 and ensure the TLS 1.2 protocol is enabled on the server.在 SQL Server1 的受支持版本上安装最新更新,并确保在服务器上启用 TLS 1.2 协议。
Reference: Pre-Login Handshake Error Solution from Microsoft参考: Microsoft 的登录前握手错误解决方案
Like @DraggonDragger said this is a TLS issue but in my specific case I can't rely on the SQL server being updated to allow TLS 1.2 therefore I had to allow TLS 1.0.就像@DraggonDragger 说这是一个 TLS 问题,但在我的具体情况下,我不能依赖 SQL 服务器被更新以允许 TLS 1.2,因此我必须允许 TLS 1.0。
I ended up following this answer: https://stackoverflow.com/a/61523341/17892120;我最终遵循了这个答案: https://stackoverflow.com/a/61523341/17892120;
Essentially, for docker images, adding this line is enough: RUN sed -i 's/DEFAULT@SECLEVEL=2/DEFAULT@SECLEVEL=1/g' /etc/ssl/openssl.cnf
本质上,对于 docker 图像,添加这一行就足够了:
RUN sed -i 's/DEFAULT@SECLEVEL=2/DEFAULT@SECLEVEL=1/g' /etc/ssl/openssl.cnf
And for Azure's App Service, we can add sed -i 's/DEFAULT@SECLEVEL=2/DEFAULT@SECLEVEL=1/g' /etc/ssl/openssl.cnf && dotnet Test.dll
for the startup command.而对于Azure的App Service,我们可以在启动命令中添加
sed -i 's/DEFAULT@SECLEVEL=2/DEFAULT@SECLEVEL=1/g' /etc/ssl/openssl.cnf && dotnet Test.dll
。
For future reference, there's also a discussion about this in GitHub, link .为了将来参考,GitHub 中也对此进行了讨论,链接。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.