Help: ssl/tls pre-login handshake when accessing remote servers
kwilliams
Posts: 12 New member
in SQL Compare
While using your docker image pointing at a locally running sql server, works great, it fails when pointing to a remote server (see below)
kevin@pc ~ $ docker run --interactive --tty \
> --mount type=bind,src=/home/kevin/scripts,dst=/scripts \
> redgate/sqlcompare:latest \
> /IAgreeToTheEULA \
> /s1:000.000.000.00\\RemoteInstance /db1:RemoteDb /userName1:my_username /password1:my_password \
> /makescripts:/scripts/scriptsFolder
SQLCompare V14.4.15.17626
===============================================================================
Copyright © Red Gate Software Ltd 1999-2020
Beta (expires on Sunday, 14 March 2021)
Error: A connection was successfully established with the server, but then an
error occurred during the pre-login handshake. (provider: SSL Provider, error:
31 - Encryption(ssl/tls) handshake failed)
> --mount type=bind,src=/home/kevin/scripts,dst=/scripts \
> redgate/sqlcompare:latest \
> /IAgreeToTheEULA \
> /s1:000.000.000.00\\RemoteInstance /db1:RemoteDb /userName1:my_username /password1:my_password \
> /makescripts:/scripts/scriptsFolder
SQLCompare V14.4.15.17626
===============================================================================
Copyright © Red Gate Software Ltd 1999-2020
Beta (expires on Sunday, 14 March 2021)
Error: A connection was successfully established with the server, but then an
error occurred during the pre-login handshake. (provider: SSL Provider, error:
31 - Encryption(ssl/tls) handshake failed)
I addressed the exact exception when using AzureDataStudio from Ubuntu by copying /etc/ssl/openssl.conf to ~/.config, exporting OPENSSL_CONF=~/.config/openssl.conf and adding the following to the end of the file
[openssl_init]
ssl_conf = ssl_sect
[ssl_sect]
system_default = system_default_sect
[system_default_sect]
CipherString = DEFAULT@SECLEVEL=1
Best Answer
-
kwilliams Posts: 12 New member... this is a hack, but if your not in a production environment, rolling back the minimum tls version will workI create a new image with this DockerFileFROM redgate/sqlcompareRUN /bin/sh -c 'touch /etc/ssl/openssl_custom.cnf'RUN /bin/sh -c 'echo "openssl_conf = openssl_init " >> /etc/ssl/openssl_custom.cnf'RUN /bin/sh -c 'cat /etc/ssl/openssl.cnf >> /etc/ssl/openssl_custom.cnf'RUN /bin/sh -c 'echo "[ openssl_init ] " >> /etc/ssl/openssl_custom.cnf'RUN /bin/sh -c 'echo "ssl_conf = ssl_sect " >> /etc/ssl/openssl_custom.cnf'RUN /bin/sh -c 'echo "[ ssl_sect ] " >> /etc/ssl/openssl_custom.cnf'RUN /bin/sh -c 'echo "system_default = system_default_sect " >> /etc/ssl/openssl_custom.cnf'RUN /bin/sh -c 'echo "[ system_default_sect ] " >> /etc/ssl/openssl_custom.cnf'RUN /bin/sh -c 'echo "CipherString = DEFAULT@SECLEVEL=1 " >> /etc/ssl/openssl_custom.cnf'ENV OPENSSL_CONF=/etc/ssl/openssl_custom.cnf