OPENSSL_CONF and diffs between dotnet run vs dotnet myall.dll in .net core 6 on ubuntu 20.04

Question

I need to make SQL connections to an old SQL Server 2012 instance running on Windows Server 2012. I realize these products are already or soon to be EOL, but it is what it is and I have no control to upgrade. With .net core 3.1 on CentOS 8 we had no problems. But we recently moved to Ubuntu 20.04 and .net core 6 and it seems that the default SSL policy on 20.04 is incompatible with the older ciphers SQL Server 2012 is using - so I made a new policy and pointed at it by setting the OPENSSL_CONF environment variable. Here's where it gets weird:

1. I have several .NET clients that need to connect to that database. One is just a simple CLI program. This one works fine if I invoke it with dotnet run. Oddly, if I invoke it with dotnet app.dll it does not work - i.e. I get a SSL error connecting to the database just like it was doing before I added the new policy via the environment variable.

2. Another app that needs to connect is a kestrel based web app. Same deal on it - if I do dotnet app.dll it works but continues to throw the SSL exception when connecting to that database - but if I do dotnet run it works. Unfortunately, this app also needs to bind to port 443 which requires setcap - and it appears that "dotnet run" must use some other application other than /usr/share/dotnet/dotnet to launch - because when I do dotnet run on this project I get permission denied trying to bind the port even though I did setcap cap_net_bind_service=+eip /usr/share/dotnet/dotnet. The app works and connects to the DB fine if I run it on a non privileged port and invoke it with dotnet run.

I will probably end up filing an issue or two against this, but thought I would ask here first. Seems to be two issues really:

1. Why does launching via dotnet myapp.dll totally ignore the OPENSSL_CONF environment variable despite it being set, and showing up if i do Console.WriteLine($"{Environment.GetEnvironmentVariable("OPENSSL_CONF")}");?

2. When using dotnet run to launch what exes do you need to give setcap capabilities to above and beyond /usr/share/dotnet/dotnet on Ubuntu 20.04?

Alternatively, I guess while waiting, I may try latest Alma and see how if it has the same or different problems.