c# SslException: SSL Handshake failed with OpenSSL error - SSL_ERROR_SSL

Question

This error occurs on a single endpoint. It is the one that tries to extract data from SqlServer. If I try to run IIS everything works fine. When I run in a linux docker container, it doesn't work anymore. I have the following errors:

OpenSslCryptographicException: error:1425F102:SSL routines:ssl_choose_client_version:unsupported protocol

Unknown location SslException: SSL Handshake failed with OpenSSL error - SSL_ERROR_SSL.

Interop+OpenSsl.DoSslHandshake(SafeSslHandle context, ReadOnlySpan input, out byte[] sendBuf, out int sendCount) AuthenticationException: Authentication failed, see inner exception.

System.Net.Security.SslStream.ForceAuthenticationAsync(TIOAdapter adapter, bool receiveFirst, byte[] reAuthenticationData, bool isApm) SqlException: A connection was successfully established with the server, but then an error occurred during the pre-login handshake. (provider: TCP Provider, error: 35 - An internal exception was caught)

Microsoft.Data.SqlClient.SqlInternalConnection.OnError(SqlException exception, bool breakConnection, Action wrapCloseInAction)

SecurityNegotiationException: Could not establish trust relationship for the SSL/TLS secure channel with authority '....'.

enter image description here

Answer 1

If absolutely required you can lower minimum required TLS version of OpenSSL in your runtime Docker container. Add following lines somewhere prior ENTRYPOINT in your Dockerfile:

# fix for SQLServer 2008 R2 - reduce minimum protocol to tls v1.0
RUN sed -i -e "s|^MinProtocol = .*|MinProtocol = TLSv1.0|g" "/etc/ssl/openssl.cnf"

But upgrading SQL Server so it support latest TLS versions seems to be a correct solution here.