I've seen parts of this question asked around a few times, but nothing has worked for me yet.
I have an SQL Server 2012 instance running on a Windows server. On my Ubuntu 20.10 server, I am running PHP 7.4.12 on an apache server. I have openssl version 1.1.1 installed.
I followed most of the instructions found in the microsoft docs:
https://docs.microsoft.com/en-us/sql/connect/php/installation-tutorial-linux-mac?view=sql-server-ver15#installing-the-drivers-on-ubuntu-1604-1804-and-2004
but ran into some issues when downloading the msodbcsql17 driver. I had to download it from here instead:
https://packages.microsoft.com/ubuntu/20.04/prod/pool/main/m/msodbcsql17/
My PHP script:
<?php
try {
// Sensitive info is replaced by temporary strings.
$serverName = "<ip_addr>,<port>";
$options = array("Database" => "<db_name>", "UID" => "<user_name>", "PWD" => "<password>");
$conn = sqlsrv_connect($serverName, $options);
if ($conn == false) {
var_dump(sqlsrv_errors());
die();
}
} catch(Exception $e) {
echo("Error!");
}
Here is the error printed out from the var_dump(sqlsrv_errors());
in the code above:
array(2) {
[0]=>
array(6) {
[0]=>
string(5) "08001"
["SQLSTATE"]=>
string(5) "08001"
[1]=>
int(10054)
["code"]=>
int(10054)
[2]=>
string(73) "[Microsoft][ODBC Driver 17 for SQL Server]TCP Provider: Error code 0x2746"
["message"]=>
string(73) "[Microsoft][ODBC Driver 17 for SQL Server]TCP Provider: Error code 0x2746"
}
[1]=>
array(6) {
[0]=>
string(5) "08001"
["SQLSTATE"]=>
string(5) "08001"
[1]=>
int(10054)
["code"]=>
int(10054)
[2]=>
string(79) "[Microsoft][ODBC Driver 17 for SQL Server]Client unable to establish connection"
["message"]=>
string(79) "[Microsoft][ODBC Driver 17 for SQL Server]Client unable to establish connection"
}
}
I saw this potential solution here: https://github.com/microsoft/msphpsql/issues/1021#issuecomment-520943561 but there is no line CipherString = DEFAULT@SECLEVEL-2
in the /etc/ssl/openssl.cnf
file as the answer states. I tried adding CipherString = DEFAULT@SECLEVEL=1
to the end of the file anyway, but nothing changed.
What can I do to fix this error in the connection? Is the only other option to downgrade openssl versions? I've read that it can break many packages and cause issues down the line. I can't take the SQL Server offline to upgrade to a newer SQL version either.
I have made sure that the SQL Server is accepting remote connections as I can make an ODBC connection to the SQL Server from another machine using Crystal Reports.
EDIT: openssl command results
Here are the results which printed immediately after running:
openssl s_client -host <ip_addr> -port <port> -tls1
CONNECTED(00000003)
139710250579264:error:141E70BF:SSL routines:tls_construct_client_hello:no protoc ols available:../ssl/statem/statem_clnt.c:1112:
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 0 bytes and written 7 bytes
Verification: OK
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 0 (ok)
---
Here are the results after running:
openssl s_client -host <ip_addr> -port <port> -tls1_2
and it stayed open for a while and then finally after not entering anything it printed this:
CONNECTED(00000003)
write:errno=104
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 0 bytes and written 188 bytes
Verification: OK
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
Protocol : TLSv1.2
Cipher : 0000
Session-ID:
Session-ID-ctx:
Master-Key:
PSK identity: None
PSK identity hint: None
SRP username: None
Start Time: 1605916005
Timeout : 7200 (sec)
Verify return code: 0 (ok)
Extended master secret: no
---
This is a bit late now. Try MinProtocol = TLSv1.0
in /etc/ssl/openssl.cnf
. This works fine for me ( https://github.com/microsoft/msphpsql/issues/1023#issuecomment-523214695 )
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.