
Help: ssl/tls pre-login handshake when accessing remote servers

While using your docker image pointing at a locally running sql server works great, it fails when pointing to a remote server (see below)

kevin@pc ~ $ docker run --interactive --tty \
> --mount type=bind,src=/home/kevin/scripts,dst=/scripts \
> redgate/sqlcompare:latest \
> /IAgreeToTheEULA \
> /s1:\\RemoteInstance /db1:RemoteDb /userName1:my_username /password1:my_password \
> /makescripts:/scripts/scriptsFolder
SQLCompare V14.4.15.17626
Copyright © Red Gate Software Ltd 1999-2020

Beta (expires on Sunday, 14 March 2021)
Error: A connection was successfully established with the server, but then an
error occurred during the pre-login handshake. (provider: SSL Provider, error:
31 - Encryption(ssl/tls) handshake failed)

I addressed the exact exception when using AzureDataStudio from Ubuntu by copying /etc/ssl/openssl.conf to ~/.config, exporting OPENSSL_CONF=~/.config/openssl.conf and adding the following to the end of the file

ssl_conf = ssl_sect

system_default = system_default_sect


Best Answer

    kwilliamskwilliams Posts: 12 New member
    ... this is a hack, but if you're not in a production environment, rolling back the minimum tls version will work

    I create a new image with this DockerFile

    FROM redgate/sqlcompare

    # Build a custom OpenSSL config: the openssl_conf pointer goes first (top-level section),
    # then the stock config, then the sections that the pointer chain resolves to.
    RUN /bin/sh -c 'touch /etc/ssl/openssl_custom.cnf'
    RUN /bin/sh -c 'echo "openssl_conf = openssl_init " >> /etc/ssl/openssl_custom.cnf'
    RUN /bin/sh -c 'cat /etc/ssl/openssl.cnf >> /etc/ssl/openssl_custom.cnf'
    RUN /bin/sh -c 'echo "[ openssl_init ] " >> /etc/ssl/openssl_custom.cnf'
    RUN /bin/sh -c 'echo "ssl_conf = ssl_sect " >> /etc/ssl/openssl_custom.cnf'
    RUN /bin/sh -c 'echo "[ ssl_sect ] " >> /etc/ssl/openssl_custom.cnf'
    RUN /bin/sh -c 'echo "system_default = system_default_sect " >> /etc/ssl/openssl_custom.cnf'
    RUN /bin/sh -c 'echo "[ system_default_sect ] " >> /etc/ssl/openssl_custom.cnf'
    # Set the default security level to 1 for OpenSSL clients that use the system defaults.
    RUN /bin/sh -c 'echo "CipherString = DEFAULT@SECLEVEL=1 " >> /etc/ssl/openssl_custom.cnf'

    # Make OpenSSL load the custom config instead of the stock one.
    ENV OPENSSL_CONF=/etc/ssl/openssl_custom.cnf
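
An added example, not part of the original thread or of Redgate's image: a Python check that resolves the system-wide TLS defaults an OpenSSL config file yields (the openssl_conf, ssl_conf, system_default chain the Dockerfile above writes) and flags a lowered SECLEVEL or MinProtocol, so an image carrying this workaround can be caught before it reaches production. The sample config, the function names and the threshold of 2 are constructed for illustration, and the parser is a simplified model of OpenSSL's config syntax.

```python
import re

# Constructed sample: pointer line, a stock-style section, then the appended override sections.
SAMPLE_CNF = """\
openssl_conf = openssl_init
[ system_default_sect ]
MinProtocol = TLSv1.2
CipherString = DEFAULT@SECLEVEL=2
[ openssl_init ]
ssl_conf = ssl_sect
[ ssl_sect ]
system_default = system_default_sect
[ system_default_sect ]
CipherString = DEFAULT@SECLEVEL=1
"""

def parse_cnf(text):
    """Simplified parse: repeated sections merge, a repeated name keeps its last value."""
    sections, current = {}, "default"
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments (no quoting/escape support)
        header = re.fullmatch(r"\[\s*(\S+)\s*\]", line)
        if header:
            current = header.group(1)
        elif "=" in line:
            name, value = line.split("=", 1)
            sections.setdefault(current, {})[name.strip()] = value.strip()
    return sections

def effective_tls_defaults(text):
    """Follow openssl_conf -> ssl_conf -> system_default and return that section."""
    cnf = parse_cnf(text)
    section = cnf.get("default", {}).get("openssl_conf")
    for key in ("ssl_conf", "system_default"):
        section = cnf.get(section, {}).get(key)
    return dict(cnf.get(section, {}))

def audit(text, min_level=2):
    """Return findings when the system-wide TLS policy is weaker than min_level."""
    defaults = effective_tls_defaults(text)
    findings = []
    m = re.search(r"@SECLEVEL=(\d)", defaults.get("CipherString", ""))
    if m and int(m.group(1)) < min_level:
        findings.append(f"CipherString lowers SECLEVEL to {m.group(1)}")
    if defaults.get("MinProtocol") in ("TLSv1", "TLSv1.1"):
        findings.append(f"MinProtocol allows {defaults['MinProtocol']}")
    return findings

if __name__ == "__main__":
    print(audit(SAMPLE_CNF))
```

Run it against the file named by OPENSSL_CONF inside the image; an empty list means the resolved defaults were not weakened below the threshold.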
