Microsfot.Data.SqlClient.SqlException(0x80131904):A connection was successfully established with the server, but then an error occurred during the pre-login handshake.(provide:SSL Provider,error:31 - Encryption(ssl/tls) handshake failed)
出現錯誤的原因為服務器默認使用的ssl為TLS1_2版本,而sqlserver需要的版本為TLSv1
sudo openssl s_client -host 127.0.0.1 -port 1433
CONNECTED(00000003)
140572016162704:error:140790E5:SSL routines:ssl23_write:ssl handshake failure:s23_lib.c:177:
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 0 bytes and written 289 bytes
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
Protocol : TLSv1.2
Cipher : 0000
Session-ID:
Session-ID-ctx:
Master-Key:
Key-Arg : None
Krb5 Principal: None
PSK identity: None
PSK identity hint: None
Start Time: 1618986419
Timeout : 300 (sec)
Verify return code: 0 (ok)
---
修改方法如下
vim /etc/pki/tls/openssl.cnf
#在oid_section=new_oids下增加
openssl_conf = default_conf
#在文件末尾增加
[default_conf]
ssl_conf = ssl_sect
[ssl_sect]
system_default = system_default_sect
[system_default_sect]
MinProtocol = TLSv1
CipherString = DEFAULT@SECLEVEL=1
修改完成以后重啟 sshd sudo systemctl restart sshd