Help: ssl/tls pre-login handshake when accessing remote servers

While using your Docker image pointing at a locally running SQL Server works great, it fails when pointing to a remote server (see below):

kevin@pc ~ $ docker run --interactive --tty \
> --mount type=bind,src=/home/kevin/scripts,dst=/scripts \
> redgate/sqlcompare:latest \
> /IAgreeToTheEULA \
> /s1:000.000.000.00\\RemoteInstance /db1:RemoteDb /userName1:my_username /password1:my_password \
> /makescripts:/scripts/scriptsFolder
SQLCompare V14.4.15.17626
===============================================================================
Copyright © Red Gate Software Ltd 1999-2020

Beta (expires on Sunday, 14 March 2021)
Error: A connection was successfully established with the server, but then an
error occurred during the pre-login handshake. (provider: SSL Provider, error:
31 - Encryption(ssl/tls) handshake failed)


I addressed the exact exception when using Azure Data Studio from Ubuntu by copying /etc/ssl/openssl.conf to ~/.config, exporting OPENSSL_CONF=~/.config/openssl.conf, and adding the following to the end of the file:


[openssl_init]
ssl_conf = ssl_sect

[ssl_sect]
system_default = system_default_sect

[system_default_sect]
CipherString = DEFAULT@SECLEVEL=1

Best Answer

    kwilliamskwilliams Posts: 12 New member
    ... this is a hack, but if you're not in a production environment, rolling back the minimum TLS version will work

    I create a new image with this Dockerfile:

    FROM redgate/sqlcompare

    RUN /bin/sh -c 'touch /etc/ssl/openssl_custom.cnf'
    RUN /bin/sh -c 'echo "openssl_conf = openssl_init " >> /etc/ssl/openssl_custom.cnf'
    RUN /bin/sh -c 'cat /etc/ssl/openssl.cnf >> /etc/ssl/openssl_custom.cnf'
    RUN /bin/sh -c 'echo "[ openssl_init ] " >> /etc/ssl/openssl_custom.cnf'
    RUN /bin/sh -c 'echo "ssl_conf = ssl_sect " >> /etc/ssl/openssl_custom.cnf'
    RUN /bin/sh -c 'echo "[ ssl_sect ] " >> /etc/ssl/openssl_custom.cnf'
    RUN /bin/sh -c 'echo "system_default = system_default_sect " >> /etc/ssl/openssl_custom.cnf'
    RUN /bin/sh -c 'echo "[ system_default_sect ] " >> /etc/ssl/openssl_custom.cnf'
    RUN /bin/sh -c 'echo "CipherString = DEFAULT@SECLEVEL=1 " >> /etc/ssl/openssl_custom.cnf'

    ENV OPENSSL_CONF=/etc/ssl/openssl_custom.cnf
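
Added example, not part of the original post or Red Gate's image: a Python check that follows the `openssl_conf` -> `ssl_conf` -> `system_default` chain used in the configuration above and reports a lowered `SECLEVEL` or `MinProtocol`, so the workaround can be spotted in an image before it reaches production. The sample file is constructed, and the baseline of 2 and the flagged `MinProtocol` values are assumptions of this example.

```python
import re

# Constructed sample: an openssl.cnf carrying the override discussed in this thread.
SAMPLE_CNF = """\
openssl_conf = openssl_init

[ openssl_init ]
ssl_conf = ssl_sect

[ ssl_sect ]
system_default = system_default_sect

[ system_default_sect ]
CipherString = DEFAULT@SECLEVEL=1
"""

def parse_sections(text):
    """Parse into {section: {key: value}}; '' is the unnamed top section.
    Simplified: '#' starts a comment, repeated sections merge, last value wins."""
    sections, current = {"": {}}, ""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        header = re.fullmatch(r"\[\s*([^\]]+?)\s*\]", line)
        if header:
            current = header.group(1)
            sections.setdefault(current, {})
        elif "=" in line:
            key, value = line.split("=", 1)
            sections[current][key.strip()] = value.strip()
    return sections

def system_default(text):
    """Follow openssl_conf -> ssl_conf -> system_default; return that section."""
    sections = parse_sections(text)
    name = sections[""].get("openssl_conf")
    for key in ("ssl_conf", "system_default"):
        name = sections.get(name, {}).get(key)
    return sections.get(name, {})

def audit(text, baseline=2):  # baseline=2 is this example's assumption
    """List settings that weaken the process-wide TLS defaults."""
    settings = system_default(text)
    findings = []
    level = re.search(r"@SECLEVEL=(\d)", settings.get("CipherString", ""))
    if level and int(level.group(1)) < baseline:
        findings.append(f"CipherString sets SECLEVEL={level.group(1)}")
    if settings.get("MinProtocol") in ("SSLv3", "TLSv1", "TLSv1.1"):
        findings.append(f"MinProtocol={settings['MinProtocol']}")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_CNF):
        print("weakened TLS default:", finding)
```

A section that is present but not reachable from `openssl_conf` is ignored, because only settings wired into that chain are read by this check.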




